Linux HyID Credential Provider - Configuration Guide

Overview

This document describes how to create a HyID policy for the Linux HyID Credential Provider and how to install the Linux HyID Credential Provider on Linux distributions such as:

  1. Ubuntu 16.04

  2. Ubuntu 18.04

  3. Ubuntu 21.10

  4. CentOS 7

  5. CentOS 8

  6. RHEL 7

  7. RHEL 8

Note

This document is created using Linux Credential Provider version 5.0.1.

Create HyID Policy for Linux HyID Credential Provider

  1. Log in to the HySecure Management console.

  2. Go to Policies > HyID Policies and click Add to create a new policy.

  3. Provide the policy details.

    • HyID Policy Name: Enter the identifier for the policy.
    • HyID Policy Description: Enter more details for the policy.
    • HyID Policy Type: Select the HyID policy type as HySecure.
    • Select Priority of the Policy: Select priority as 1. Change it if you have multiple HyID Desktop Agent type HyID policies.
    • Select Authentication Domain: Select the HySecure authentication domain where you have added your authentication servers.
    • Select Authorization server: Select the Authorization server with which the user will get authorized.
    • Select Policy Assignment type: Select the appropriate option as per requirement.
    • Select User: Select User or User Groups on which you want to apply 2FA via Linux Credential Provider.

  4. Select the types of 2FA you want to use in the Linux Credential Provider. For the demo, we have selected Mobile Tokens and Push Notifications.

  5. Configure Email and SMS token-related settings. For details regarding each option, refer to the Email and SMS OTP Configuration section of HyID.

  6. Set Mobile/PC token Configuration. The Mobile token configuration section of HyID provides details regarding each option.

  7. Set Common OTP Configuration. Refer to the Common OTP Configuration section of HyID.

  8. In Risk-Based Profile Configuration, specify the criteria, such as a WAN IP address exception, on which users are bypassed.

  9. Click Submit to create a HyID Policy for Linux Credential Provider.

Install Linux HyID Credential Provider

  1. Copy the setup file, Linux_Hyid_Credential_Provider_v5.0.1.tar, to the desktop folder on the Linux machine and extract it with Admin privileges. Use the command below to extract it.

    tar -xvf Linux_Hyid_Credential_Provider_v5.0.1.tar

  2. The contents will be extracted to the folder hyid.

  3. Execute the “install.sh” script to start the installation of the HyID module. When prompted for the HySecure/HyID server details, enter the hostname of the HySecure server.

    sudo ./install.sh

  4. Select Token type as Mobile Token.

  5. Enter the Domain ID configured in HySecure. The default value is 1.

  6. Enter Yes to apply 2FA for common users.

  7. Enter common users for which the additional user credentials are required.

    Use commas to separate multiple user names. For example, localuser1,localuser2,localuser3.

  8. Enter the user accounts for which 2FA is to be bypassed. With 2FA bypassed, the Admin can access the Linux machine for maintenance.

    Use commas to separate multiple user names. For example, root,user1,user2.

  9. Restart SSH services. Do not close the existing session before checking the user login.

  10. This completes the agent installation.

  11. Open a duplicate session to the server on which the HyID agent has been installed.

  12. Provide login credentials. If this user is a common user, the user will be prompted to enter the AD username and password.

  13. The user's HyID policy will be evaluated, and the user will be prompted for 2FA as per the policy: Mobile token or Push Notification.

  14. Select the OTP channel and press Enter. OTP will be triggered and sent to the Email address or the mobile number configured in the AD authentication server.

  15. Enter the received OTP and press Enter.

  16. The user will be logged in successfully.
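
The lists typed at steps 7 and 8 decide which accounts are challenged for 2FA and which are exempt, so a mistyped name means the intended account is not covered by that setting. The script below is an added example, not part of the HyID package: it checks both comma-separated lists before they are entered into install.sh. The function names, the account-name pattern, the assumption that both lists hold accounts that exist on this host, and the sample lists are all assumptions of the example.

```shell
#!/bin/sh
# Added example, not vendor code; function names and NAME_RE are assumptions.
NAME_RE='^[A-Za-z_][A-Za-z0-9_.-]*$'

# Print one name per line with surrounding whitespace trimmed.
split_users() {
    printf '%s\n' "$1" | tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'
}

# Print entries that are empty or do not match NAME_RE.
bad_entries() {
    split_users "$1" | grep -Ev "$NAME_RE" | sed 's/^$/<empty>/'
}

# Print names that appear in both lists.
overlap() {
    split_users "$1" | sort -u | while IFS= read -r name; do
        if [ -n "$name" ] && split_users "$2" | grep -Fxq -- "$name"; then
            printf '%s\n' "$name"
        fi
    done
}

# Print well-formed names that have no account on this host.
missing_accounts() {
    split_users "$1" | grep -E "$NAME_RE" | while IFS= read -r name; do
        id -u -- "$name" >/dev/null 2>&1 || printf '%s\n' "$name"
    done
}

# Print "label: a,b" and return 1 when the finding list $2 is not empty.
report() {
    [ -z "$2" ] && return 0
    printf '%s: %s\n' "$1" "$(printf '%s' "$2" | tr '\n' ',')"
    return 1
}

# $1 = common users (step 7), $2 = bypass users (step 8); returns 1 on findings.
audit_lists() {
    rc=0
    report "malformed entry" "$(bad_entries "$1"; bad_entries "$2")" || rc=1
    report "in both lists" "$(overlap "$1" "$2")" || rc=1
    report "no such account here" "$(missing_accounts "$1"; missing_accounts "$2")" || rc=1
    return "$rc"
}

# Constructed sample lists are used unless two arguments are supplied.
audit_lists "${1:-localuser1,localuser2,svc backup}" "${2:-root,localuser2,}" ||
    echo "resolve the findings before answering the install.sh prompts" >&2
```

This guide does not state how the installer treats a name that appears in both lists, so the script flags it for a decision rather than guessing which setting applies.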