By: Enrico Rescigno user 21 May 2019 at 9:46 a.m. CDT

3 Responses
Enrico Rescigno gravatar
We have users that do not have access to mobile phones (who will be using OTP) and have a yubikey instead. Default authentication is set to OTP, but, i have no idea how to allow Yubikey users to authenticate. how can we configure Gluu to present either option as an authentication method? is it possible?

By Jose Gonzalez staff 21 May 2019 at 11:20 a.m. CDT

Jose Gonzalez gravatar
Out of the box it is not supported, but you have two options: - Coding a new custom interception script combining the logic of current otp and u2f scripts, or preferably, - Use [Gluu Casa](https://casa.gluu.org/). See: https://gluu.org/docs/casa/user-guide/. Casa is under commercial license

By Enrico Rescigno user 22 May 2019 at 3:02 p.m. CDT

Enrico Rescigno gravatar
Installed Casa and am not sure if i am misunderstanding... now when i try to use saml, rather than being prompted for 2-factor, it attempts to do a logon without verifying a 2-factor authentication method. I have set casa as default for acr authentication, and enabled OTP, and U2F. not prompted for either. what i wanted was for end users to be able to select either OTP, or U2F and self register, does Casa not permit that? before Casa, after entering credentials they would get the default 2-factor OTP (only one available at a time) and was hoping to have multiple options presented to the end users.

By Jose Gonzalez staff 23 May 2019 at 6:25 a.m. CDT

Jose Gonzalez gravatar
Enrollment takes place once logged into Casa. There users can determine if they want to use 2FA for logging in or not. With Casa you cannot force your whole userbase to use 2FA (it's optional - like Google, Github, etc. does...). The docs are comprehensive, check those to learn if the product fits your particular workflows/needs.