U2F for Online mode (new wished feature)

michel.castonguay · ‎06-06-2019

We are using Yubikeys with DUO but those can only be configured as Hardware Tokens which require some pre-configuration steps through the Yubikey personalization tool.

This is pretty tedious since we can’t deliver them directly to the end users.
We can configure them as U2F which is awesome and much more simple but unfortunately, Online mode doesn’t support U2F yet

I’ve been told that DUO was planing to support it in a future version, so I’d like to know if there is some developments about that new feature.

Here is the comment I received from DUO support few months ago

We do plan on supporting U2F for online mode next year. U2F offline is supported today because we got it to work locally, but the way U2F typically works requires a completely different codepath so we need to build the infra up to our cloud service. For online mode today, users will still have to use the Yubikeys as OTP mode which requires it to be programmed. For offline mode or any other web based integration supporting our iframe, U2F can be used and they can be self-enrolled easily by the end user without any configuration from the Yubikey Personalization tool and Duo admin panel.

Thanks

PatrickKnight · ‎06-07-2019

Hey @michel.castonguay If you are asking about adding Online U2F to Windows Logon , this is something we are keen to to add in the future. There is nothing new we can share today, but would suggest reaching out to your account team or support to be added to the feature request.