Defender 6.4 - Token User Guide

Defender 6.4.0 version supports FIDO2 compatible hardware Yubikey. 

1. Requesting FIDO2 token on Defender Self-Service Portal

2. Register token on ISAPI [One time operation]

3. Authenticate/Login using FIDO2 registered token

Requesting FIDO2 Token program on the Defender Self-Service Portal

1. Click on Request FIDO2 Token tile.

2. Click on Program Token button.

3. User should enter FIDO2 token Name:

   • Should be at least four characters

   • Special character and space are not allowed.

   • Maximum length of 40 characters

   • Underscore (_) is allowed

4. Click on Next and window will display success message.

5. FIDO2 token will appear in assigned token list of user with unique ID.

6. FIDO2 tokens cannot be re-registered.

7. In case an unregistered FIDO2 token is already present on the user’s assigned token list, they cannot request a new token from the portal.

For more information, see Registering a hardware token.

To register a FIDO2 Token

FIDO2 tokens can be registered on ISAPI before authentication for the first time. This is a onetime operation.

1. If FIDO2 tokens are already assigned to users, FIDO2 Registration screen will display list of unregistered FIDO2 tokens.

2. Users need to select any one unregistered FIDO2 token to register.

3. Users need to enter serial number of Token in serial number field.

   • Should be at least four characters

   • Special character and space are not allowed.

   • Maximum length of 40 characters

   • Underscore (_) is allowed

4. After entering the AD password, users need to click on Register button and browser pop-up will appear asking user to insert and touch on FIDO2 compatible YubiKey to complete the registration of FIDO2 token.

5. On successful registration, Login screen will appear for users to continue to authenticate.

6. During registration, users can authenticate using other assigned tokens by clicking on Sign in with another option, if they do not want to use FIDO2 token.

7. In case users have at least one already registered FIDO2 token, they need to click on the register button to register any unregistered tokens.

To login using a FIDO2 Token

1. If user has registered FIDO2 tokens, they can initiate the login process by entering username on the login screen.
2. On next screen, list of registered FIDO2 tokens will appear in combo list for User to
3. Select one to continue authentication. If user has a single registered FIDO2 token, the browser pop-up will appear directly.
4. After selecting registered FIDO2 token, on click of Sign in, browser pop-up will appear asking user to insert and touch the FIDO2 compatible YubiKey to match credentials stored while registration.
5. Users need to touch the YubiKey within 20 seconds once browser po-up appears for user input. On timeout, user can either reload session to continue login with FIDO2 token or choose Sign in with another option.
6. If credentials match, user will be logged in to ISAPI.

For more information, see Registering a hardware token.

Your system administrator may provide you with a hardware token that allows you to authenticate and get access to resources protected with Defender. Before you start using the hardware token for authentication, you need to register it. You can either have the system administrator register the hardware token for you or you can register the token yourself.

Your system administrator may configure a special Web site called the Defender Self-Service Portal where you can register hardware tokens. Contact your system administrator to learn if you can use the Defender Self-Service Portal to register hardware tokens and to obtain the address (URL) of the portal Web site.

To self-register a hardware token

1. In your Web browser, open the Defender Self-Service Portal Web site.
2. Sign in to the Defender Self-Service Portal.
3. Click the Register a hardware token option.
4. Follow the on-screen instructions to register your hardware token.