cancel
Showing results for 
Search instead for 
Did you mean: 

Anyway to use Security Keys to login on devices? Or how does everyone deal with this?

wonton91
Novitiate I

Hi all,

I'm looking to set up 2FA for managed device login. Some users won't want to deal with any app installed on their devices and issuing stipend or company phone are out of the question. 

I've seen some similar questions but not sure if as time goes anything has change or added to Jumpcloud to enable us to use a security key as the 2nd factor to log on to devices. 

I tried the Yubikey but you would need the Yubikey Authenticator app on another device to get the code. I initially thought it would just fill in the code when touched without the App. If that's the only way, anyway we can script to show the Yubikey Authenticator app to show up on the login screen just like the dirty trick we used to do it with CMD.exe on Windows to reset admin pass. Just some ideas.

I wonder how everyone else doing this without using a 2nd device. 

Thanks all. 

1 ACCEPTED SOLUTION

MarkDiianni
JumpCloud Employee
JumpCloud Employee

Hello,

At this time we do not support the use of physical keys as a method for MFA at device login. We currently support TOTP using any authenticator app, and PUSH using the JumpCloud Protect Mobile application only for device login. That being said, we do support physical keys like Yubikey, Google Titan, or the fingerprint reader on macOS devices for accessing the User Portal or SSO applications. The key just needs to support WebAuthn. 

It's becoming more prevalent that users are required to have a secured form of MFA, generally you want something you know (password), something you have (personal phone, which is near and dear to a person), and something you are (biometric face or finger print on the phone). The JumpCloud Protect App/PUSH helps to satisfy all three of these points.

I would highly encourage you to submit a feature request if you are interested in seeing device MFA support physical keys. Here are instructions on how to submit a feature request.

Best,

Mark

View solution in original post

2 REPLIES 2

MarkDiianni
JumpCloud Employee
JumpCloud Employee

Hello,

At this time we do not support the use of physical keys as a method for MFA at device login. We currently support TOTP using any authenticator app, and PUSH using the JumpCloud Protect Mobile application only for device login. That being said, we do support physical keys like Yubikey, Google Titan, or the fingerprint reader on macOS devices for accessing the User Portal or SSO applications. The key just needs to support WebAuthn. 

It's becoming more prevalent that users are required to have a secured form of MFA, generally you want something you know (password), something you have (personal phone, which is near and dear to a person), and something you are (biometric face or finger print on the phone). The JumpCloud Protect App/PUSH helps to satisfy all three of these points.

I would highly encourage you to submit a feature request if you are interested in seeing device MFA support physical keys. Here are instructions on how to submit a feature request.

Best,

Mark

wonton91
Novitiate I

Thank you for confirming Mark.