U2F Tokens Guide
What is a U2F TokenUniversal 2nd Factor (U2F) tokens allow administrators to leverage security tokens created by the FIDO (Fast IDentity Online) Alliance. These tokens can be USB or NFC based. The U2F token can only be used for connectors that leverage the LoginTC iframe (see Using U2F Tokens).
Business or Enterprise subscription required
See the Pricing page for more information about subscription options.
Supported U2F tokens
U2F tokens must be FIDO, WebAuthn / FIDO2 compliant.
Manually add a U2F token for a particular user:
- Log in to LoginTC Admin
- Click Users and then the user you want to add a U2F token
- Click Add U2F Token
- Insert the U2F token and press the button
- The U2F token will now be associated with the user
Enabling / Disabling U2F Tokens for an Application
Although a U2F token is associated with one user, they can only be used to access applications that have U2F token authentication enabled.
To enable or disable U2F tokens for an application:
- Log in to LoginTC Admin
- Click Applications
- Select the application you want to modify
- Select the appropriate application policy
- Under Authentication Methods Scroll down to U2F Tokens
- Select either Enabled or Disabled
- Scroll down to the bottom of the page and click Save
When a user with a U2F token authenticates using the LoginTC iframe, the option will appear as part of the Authentication Method drop down. To authenticate using a U2F token:
- Select Security Key (U2F) from the Authentication Method dropdown
- Insert the U2F token and press the button
Browser pop-ups not enabled
Users must make sure that browser pop-ups are enabled in order to authenticate with a U2F token.
U2F Token Timeout
Users must authenticate with their U2F token within 60 seconds. If a timeout does occur, simply click Try again to be prompted to authenticate with their U2F token.
Error authenticating with a U2F Token
The following error typically means the U2F token being used is not associated with the user.
