Token Management

You can view which tokens are assigned to each user from the Users/Groups tab of a GreenRADIUS domain or you can view which users are assigned to which tokens on the List Tokens screen.

Importing Secrets

Programmed YubiKeys (whether programmed in traditional Yubico OTP mode or OATH-HOTP mode) have secrets associated with each YubiKey. These secrets files must be imported into GreenRADIUS before the YubiKeys can be used.

Secrets can be imported under the Import Secrets tab:

Import Secrets tab

You must select the correct format option depending on which token type you are importing. If importing Yubikey OTP secrets, select the Cross-Platform option. If importing OATH token secrets, select Import OATH Tokens.

Once you have chosen a file format, you will be prompted to select the file containing the secrets.

The List Tokens tab

You can view all locally saved tokens in the List Tokens tab. This tab displays every token saved in the GreenRADIUS database (this does not include pre-programmed Yubikeys, as their secrets are stored in the YubiCloud). It also lists the user assigned to each token andthe user's domain.

Token Assignment

There are several ways to assign tokens to users in GreenRADIUS:

Auto Provisioning

Auto provisioning

Auto Provisioning, described in the previous section, enables users to simply log in with a YubiKey and have it auto-assigned. This is the simplest way to assign YubiKeys (whether OTP or OATH).

Self-Service Portal

Self service portal

The Self-Service Portal allows users to add tokens to themselves manually. It is accessible at https://<ip address of GRVA>/. From the Self-Service Portal, users register YubiKeys or Google Authenticator (or similar soft tokens) by scanning a displayed QR code with their phone.

Administrator Assignment

The GreenRADIUS administrator can manually assign tokens to users from the web admin console in either the List Tokens tab or in the Users/Groups tab of the GreenRADIUS domain.

Assigning a token to a user

You will need to enter the user's name in the canonical user@domain format.

Other

Some other methods have their own ways of assigning tokens. U2F tokens are automatically assigned as part of the login process with our 2FA for Windows Logon solution. Our "Green Rocket 2FA" mobile apps have a simple registration process.

Web Analytics Made Easy -
StatCounter

Updated 2019-07-31
© 2020 Green Rocket Security Inc. All rights reserved.