Using Token2 FIDO Security keys for OneLogin user account

OneLogin gives users the ability to access the applications and other resources they need to do their job by logging in once to a single interface. Platforms like OneLogin are known as Identity and Access Management (IAM) solutions that are primarily used to provide their users with a Single Sign-on (SSO) experience.
Multi-factor authentication (MFA) and two-factor authentication (2FA) add an extra layer of security to your users' accounts, drastically reducing the chances of sensitive information being hacked by cybercriminals.
OneLogin allows using Token2 programmable tokens and Token2 Security keys for two-step verification.
In this article, we will show the procedures required to enroll and use Token2 Security keys for two-factor authentication for a OneLogin user account.

Requirements:

• A OneLogin account with admin rights
• Admin access to enable security keys (not required if security keys are already enabled)
• Modern browser supporting security keys
• A Token2 FIDO security key

Create an authenticator factor

1) Log in to your OneLogin account as an Administrator.
2) Go to Security > Authentication Factors.
3) On the Authentication Factors page, click New Auth Factor.
4) Select WebAuthn.
5) Enter a user description (for example: Token2 FIDO Security key).
6) Click Save.

The authentication factor is listed on the Authentication Factors page.


Create a user Security policy and add the authentication factor

1) Go to Security > Policies.
2) On the Policies page, click New User Policy.
3) Give a name for the created policy.


4) Go to the MFA tab.
5) In the One-time passwords section, check OTP Auth Required and Token2 FIDO Security key.


6) In the Enforcement settings section, select which users will require OTP and when:

- Select All users from the dropdown box: This applies to all users. Users will be prompted to set up an authentication factor during their first login attempt.
- Select at every login.


7) Click Save.

Assign MFA security policies to a group

A OneLogin group is an ideal way of associating users with MFA security policies.
1) Go to Users > Groups.
2) Click New Group.
3) Give a name for the new group and select Default policy from the dropdown menu.



4) Click Save.


Set up the Security key

Now you can add users to this group. The members of this group will have an extra layer of security - when the users log in, they will be required to register their devices.
Insert the security key and click Begin Setup.




OneLogin will start to identify the inserted security key. If you have set up a PIN code on it you will be prompted to type it.




Then you need to press the button on the security key to complete registration.
Note: Security keys differ in the exact instructions to activate them. Your key may require a tap or button press to activate registration.




Now, the user account is ready to use this identity verification method. When OneLogin prompts you for your security key, insert it, and touch the button if it has a button.
The security key generates the required credentials, and the browser passes them on to OneLogin to complete the verification.
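
The PIN prompt and button press described above are recorded in the data the security key returns, and a WebAuthn relying party checks them before accepting a login. The following is an added example, not part of the original article and not OneLogin's own code: it parses the fixed header of WebAuthn authenticator data and checks the relying-party hash, the user-presence and user-verification flags, and the signature counter. The relying-party ID, the function names and the sample bytes are assumptions constructed for illustration, and signature verification is out of scope here.

```python
import hashlib
import struct

RP_ID = "example.onelogin.com"  # hypothetical relying-party ID (assumption)
FLAG_UP = 0x01  # user present: the button on the key was touched
FLAG_UV = 0x04  # user verified: for example, the key's PIN was entered


def parse_authenticator_data(auth_data: bytes) -> dict:
    """Split the fixed 37-byte header: rpIdHash (32), flags (1), signCount (4)."""
    if len(auth_data) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    flags = auth_data[32]
    (sign_count,) = struct.unpack(">I", auth_data[33:37])
    return {
        "rp_id_hash": auth_data[:32],
        "user_present": bool(flags & FLAG_UP),
        "user_verified": bool(flags & FLAG_UV),
        "sign_count": sign_count,
    }


def check_assertion(auth_data, rp_id, stored_count, require_uv=False) -> list:
    """Return the reasons to reject; an empty list means these checks passed."""
    data = parse_authenticator_data(auth_data)
    problems = []
    if data["rp_id_hash"] != hashlib.sha256(rp_id.encode()).digest():
        problems.append("rpIdHash mismatch")
    if not data["user_present"]:
        problems.append("user presence flag not set")
    if require_uv and not data["user_verified"]:
        problems.append("user verification required but flag not set")
    # A counter that fails to increase can indicate a cloned authenticator.
    # Keys that always report 0 are exempt while the stored value is also 0.
    if (data["sign_count"] or stored_count) and data["sign_count"] <= stored_count:
        problems.append("signature counter did not increase")
    return problems


def build_sample(rp_id: str, flags: int, count: int) -> bytes:
    """Construct sample authenticator data for the demo (not captured traffic)."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", count)


if __name__ == "__main__":
    touched_only = build_sample(RP_ID, FLAG_UP, 8)
    print(check_assertion(touched_only, RP_ID, stored_count=7, require_uv=True))
```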