
Overview

HySecure supports the use of hardware tokens as the second factor of authentication. The individual tokens can be assigned to users to perform the additional authentication. Hardware tokens can be assigned to local, AD, LDAP, RADIUS, or SAML users. Only TOTP-based tokens are supported currently.

Follow the steps mentioned here to configure the use of hardware tokens:

  1. Import Hardware Tokens
  2. Assign Hardware Tokens to Specific Users
  3. Create a HyID Policy, with Hardware Token enabled, for the user

Import Hardware Tokens

  1. Log on to the Management Console.

  2. Go to Policies > Hardware Tokens and click the Import Tokens button.

  3. Enter the information needed for importing the tokens.

Field: Description
Select Authentication Domain: Select the Authentication Domain for which the hardware tokens are to be imported.
Select encryption type: Select one of the types listed in the drop-down list.
    Not Encrypted: Select if the HMAC secrets are not encrypted.
    Key Protected: Select if the HMAC secrets are key protected. Enter the relevant key in the Key/Password value field.
    Password Protected: Select if the HMAC secrets are password protected. Enter the relevant password in the Key/Password value field.
Key/Password value: Enter the key or password, as appropriate to the selected encryption type. This field is disabled if the encryption type is Not Encrypted.
HMAC Function: Select the hash function used for the Hash-based Message Authentication Code (HMAC): SHA-1, SHA-256, or SHA-512.
Choose PSKC File: Browse and select the PSKC XML file containing the OATH-compliant OTP tokens.

Click Submit to import the hardware tokens or click Cancel to exit.

If everything is correct, the hardware tokens are imported automatically, and the administrator can view the list of hardware tokens.
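A pre-import check of a PSKC file, as an added example that is not part of HySecure or its documentation: it lists the values that later appear in the token list (serial number, manufacturer, algorithm, token length, interval), reports whether each secret is stored in plain or encrypted form, which tells you which encryption type to select, and flags tokens that are not TOTP. Element names follow the PSKC format (RFC 6030); the sample file, serial numbers, manufacturer, and the function name `inspect_pskc` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:ietf:params:xml:ns:keyprov:pskc"}  # PSKC namespace (RFC 6030)
URN = "urn:ietf:params:xml:ns:keyprov:pskc:"       # prefix of algorithm URNs

# Constructed sample file: one TOTP token and one HOTP token, plaintext secrets.
SAMPLE_PSKC = """<KeyContainer Version="1.0" xmlns="urn:ietf:params:xml:ns:keyprov:pskc">
 <KeyPackage>
  <DeviceInfo><Manufacturer>ExampleCorp</Manufacturer><SerialNo>TOK0001</SerialNo></DeviceInfo>
  <Key Id="TOK0001" Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:totp">
   <AlgorithmParameters><ResponseFormat Length="6" Encoding="DECIMAL"/></AlgorithmParameters>
   <Data><Secret><PlainValue>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=</PlainValue></Secret>
    <TimeInterval><PlainValue>30</PlainValue></TimeInterval></Data>
  </Key>
 </KeyPackage>
 <KeyPackage>
  <DeviceInfo><Manufacturer>ExampleCorp</Manufacturer><SerialNo>TOK0002</SerialNo></DeviceInfo>
  <Key Id="TOK0002" Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">
   <AlgorithmParameters><ResponseFormat Length="6" Encoding="DECIMAL"/></AlgorithmParameters>
   <Data><Secret><PlainValue>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=</PlainValue></Secret>
    <Counter><PlainValue>0</PlainValue></Counter></Data>
  </Key>
 </KeyPackage>
</KeyContainer>"""


def inspect_pskc(xml_text):
    """Return one dict per KeyPackage with the fields shown in the token list."""
    tokens = []
    for pkg in ET.fromstring(xml_text).findall("p:KeyPackage", NS):
        key = pkg.find("p:Key", NS)
        if key is None:  # a package without key material cannot be imported
            continue
        fmt = key.find("p:AlgorithmParameters/p:ResponseFormat", NS)
        algo = key.get("Algorithm", "").replace(URN, "").upper()
        interval = key.findtext("p:Data/p:TimeInterval/p:PlainValue", namespaces=NS)
        tokens.append({
            "serial": pkg.findtext("p:DeviceInfo/p:SerialNo", default="", namespaces=NS),
            "manufacturer": pkg.findtext("p:DeviceInfo/p:Manufacturer", default="", namespaces=NS),
            "algorithm": algo,
            "length": int(fmt.get("Length")) if fmt is not None else None,
            "interval": int(interval) if interval else None,
            # EncryptedValue means a key or password is needed at import time.
            "encrypted": key.find("p:Data/p:Secret/p:EncryptedValue", NS) is not None,
            "importable": algo == "TOTP",  # the page states only TOTP is supported
        })
    return tokens
```

A file whose secrets are in `PlainValue` form contains usable token seeds, so store and transfer it as key material.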

View Hardware tokens List

  1. Log on to the Management Console.
  2. Go to Policies > Hardware Tokens.
  3. A list of imported Hardware Tokens is displayed in a tabular manner with the following information:

Column: Description
Status: Displays whether the token is assigned to a user or not.
Serial No.: Displays the token's serial number that needs to be associated with the user.
User Name: Displays the name of the user to whom the hardware token is assigned.
Authentication Domain: Displays the name of the Authentication Domain to which the 2FA using hardware tokens is assigned.
Manufacturer: Displays the manufacturer of the hardware token.
Algorithm: Displays the algorithm used by the tokens, which can be HOTP (event-based) or TOTP (time-based). Only TOTP-based tokens are supported currently.
HMAC Function: Displays the hash function used for the HMAC.
Token Length: Displays the character length of the token.
Token Interval: Displays the token interval in seconds.

Delete Token

Select the configured hardware token that needs to be deleted and click Delete. The selected token(s) are deleted after confirmation.

Export Tokens

To download the complete token information report in the CSV file format, click Export Tokens.

Search Tokens

If a large number of tokens have been imported, the list of imported hardware tokens can be filtered for one or more tokens by specifying the supported criteria in the Search Filter. Select the field from the Search Filter drop-down list, then click Show to display the filtered list.