FileCloud Single Sign-on with YubiKey and ADFS

What is SSO?

Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID and password to any of several related, yet independent software systems.

True single sign-on allows the user to log in once and access services without re-entering authentication factors.

What is Two-factor Authentication?

Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves. This process is done to better protect both the user’s credentials and the resources the user can access.

What is ADFS?

Active Directory Federation Services (ADFS), a software component developed by Microsoft, runs on Windows Server operating systems and provides users with single sign-on access to systems and applications located across organizational boundaries.

What is a YubiKey?

Yubico offers different types of “YubiKeys”. The most recent release is the YubiKey 5 Series, which comes in USB-A, USB-C, Lightning, and NFC.

The YubiKey is a device that makes two-factor authentication as simple as possible. Instead of a code being texted to you or generated by an app on your phone, simply plug in your YubiKey and press a button. Each device has a unique code built into it, which generates additional codes that help confirm your identity.

YubiKey is used by leaders in the tech industry across widely recognized platforms and software services. These include Microsoft, Google, Amazon, eBay, GitHub, Citrix, Salesforce, Dropbox, Facebook, and Twitter, among others.

Set Up FileCloud SSO with ADFS and YubiKey as a 2FA method

  1. Add YubiKey as a two-factor authentication method to ADFS 2019 by following the steps described here.
  2. Find the GitHub Code here.
  3. Add custom attributes to Users in Active Directory by following the steps described here.
  4. Enable SAML SSO in FileCloud using the steps described here.
  5. Set Up FileCloud SSO with ADFS using the steps described here.

FileCloud SSO with ADFS and YubiKey

When the user plugs in their YubiKey and presses the button to generate the token, the first 12 characters of the code are the YubiKey ID.
ADFS compares the first 12 characters with the YubiKey ID stored in the user's custom attribute. If they match, ADFS sends an API call to the YubiKey cloud API gateway, which confirms whether the code is valid.

Once validated, the SSO session is confirmed. The user is redirected to their FileCloud dashboard. The whole process is easy, fast, and secure.
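The two-stage check described above, sketched in Python as an added example (not FileCloud's or the ADFS plugin's own code). The 44-character length and the modhex alphabet are the default Yubico OTP format and are assumed here; `validate_with_cloud`, the stub validator and the sample values are hypothetical and constructed.

```python
import hmac

MODHEX = set("cbdefghijklnrtuv")  # alphabet used in YubiKey OTP output
ID_LEN = 12    # per the article: the first 12 characters are the YubiKey ID
OTP_LEN = 44   # assumption: default format, 12-char ID + 32-char one-time part

def yubikey_id(otp: str) -> str:
    """Return the 12-character ID prefix, or raise ValueError if malformed."""
    otp = otp.strip().lower()  # Caps Lock produces upper-case modhex
    if len(otp) != OTP_LEN or not set(otp) <= MODHEX:
        raise ValueError("not a well-formed YubiKey OTP")
    return otp[:ID_LEN]

def verify_second_factor(otp, enrolled_id, validate_with_cloud):
    """Local ID match first, then remote validation of the full code.

    validate_with_cloud is a hypothetical callable standing in for the
    API call to the validation service; it returns True for a valid code.
    """
    try:
        presented = yubikey_id(otp)
    except ValueError:
        return "rejected: malformed"
    expected = enrolled_id.strip().lower()
    # The ID is a static, non-secret prefix: a match only identifies the key.
    if not hmac.compare_digest(presented.encode(), expected.encode()):
        return "rejected: key not enrolled for this user"
    # Only the remote check shows the one-time part is genuine and unused.
    if not validate_with_cloud(otp.strip().lower()):
        return "rejected: validation failed"
    return "accepted"

def make_stub_validator():
    """Constructed stand-in for the remote service: accepts each code once."""
    seen = set()
    def validate(otp):
        fresh = otp not in seen
        seen.add(otp)
        return fresh
    return validate

# Constructed sample values, not real device output.
SAMPLE_ID = "cccccckdvvul"
SAMPLE_OTP = SAMPLE_ID + "cbdefghijklnrtuv" * 2

if __name__ == "__main__":
    stub = make_stub_validator()
    print(verify_second_factor(SAMPLE_OTP, SAMPLE_ID, stub))
    print(verify_second_factor(SAMPLE_OTP, SAMPLE_ID, stub))  # same code replayed
```

Because the 12-character prefix never changes, a matching ID alone must not complete the login; the second call shows a reused code being refused by the validation step.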

Article written by Wail Bouziane