U2F Tokens Guide

Overview

Universal 2nd Factor (U2F) tokens allow administrators to leverage security tokens created by the FIDO (Fast IDentity Online) Alliance. These tokens can be USB or NFC based. The U2F token can only be used for connectors that leverage the LoginTC iframe (see Using U2F Tokens).

U2F tokens are not currently supported for LoginTC Windows Logon and RDP Connector.

Professional, Business or Enterprise subscription required

See the Pricing page for more information about subscription options.

Supported U2F tokens

U2F tokens must be FIDO, WebAuthn / FIDO2 compliant.

Adding U2F Tokens

Manually add a U2F token for a particular user:

  1. Log in to LoginTC Admin
  2. Click Users and then the user you want to add a U2F token
  3. Click Add U2F Token U2F Token Details
  4. Insert the U2F token and press the button U2F Token Details
  5. The U2F token will now be associated with the user U2F Token Details

Enabling / Disabling U2F Tokens for an Application

Although a U2F token is associated with one user, they can only be used to access applications that have U2F token authentication enabled.

To enable or disable U2F tokens for an application:

  1. Log in to LoginTC Admin
  2. Click Applications
  3. Select the application you want to modify
  4. Select the appropriate application policy
  5. Under Authentication Methods Scroll down to U2F Tokens
  6. Select either Enabled or Disabled
  7. Scroll down to the bottom of the page and click Save

Using U2F Tokens

When a user with a U2F token authenticates using the LoginTC iframe, the option will appear as part of the Authentication Method drop down. To authenticate using a U2F token:

  1. Select Security Key (U2F) from the Authentication Method dropdown
  1. Insert the U2F token and press the button

Troubleshooting

Browser pop-ups not enabled

Users must make sure that browser pop-ups are enabled in order to authenticate with a U2F token.

U2F Token Timeout

Users must authenticate with their U2F token within 60 seconds. If a timeout does occur, simply click Try again to be prompted to authenticate with their U2F token.

Error authenticating with a U2F Token

The following error typically means the U2F token being used is not associated with the user.