Before programming a VIP credential, make sure you enable the use of VIP credentials in Defender. For more information, see Enabling the use of VIP credentials.
In this step, you program and assign a VIP credential to the user you want. You can reassign an existing VIP credential from one user to another or assign a new VIP credential as required.
To program a VIP credential for a user
For more information about the wizard steps and options, see Defender Token Programming Wizard reference.
After you complete the wizard, a new VIP credential entry appears in the Tokens list on the Defender tab.
You can allow users to authenticate via Defender by using one-time passwords generated with the YubiKey hardware token. Defender supports the YubiKey token programmed to work either in the Yubico OTP or OATH-HOTP mode.
See the following sections for instructions on enabling the use of the YubiKey token programmed in one of these modes:
When the YubiKey tokens you have purchased are in the Yubico OTP mode, to enable their use with Defender, you need to specify the client ID and API key provided with the tokens in the Defender Administration Console, and then configure self-service settings on the Defender Management Portal to enable users to self-register their YubiKey tokens on the Defender Self-Service Portal.
When a user registers the YubiKey on the Defender Self-Service Portal, the corresponding token object is automatically created in Active Directory.
To enable the use of YubiKey working in Yubico OTP mode
For the descriptions of elements you can use on the Self-Service Settings tab, see Configuring self-service for users.
When the YubiKey tokens you have purchased are in the OATH-HOTP mode, to enable their use with Defender you need to import the YubiKey token objects into Active Directory by using the .txt import file (also known as the key file) containing token object definitions. Then, you can assign the imported token objects to users as necessary.
Normally, the .txt import file is provided together with the YubiKey tokens. Before importing token objects, you need to modify the .txt import file so that Defender can read its contents.
To enable the use of YubiKey working in OATH-HOTP mode
The columns in the file contain the following: