8.5 Configuring Two-Factor Authentication

KeyShield 6.1 adds the ability to require a hardware token in addition to usernames and passwords for LDAP users seeking access through a web browser or WebDAV.

NOTE:Two-factor authentication doesn’t apply to desktop or mobile device applications.

Filr 2.0 supports KeyShield’s two-factor authentication capability through two new options in the KeyShield SSO Configuration dialog:

  • Require Hardware Token: Requires a physical token, such as an access card, for access to Filr.

    You can also specify the error messages that you want displayed when the required token is either not presented or not recognized by KeyShield for web browser or WebDAV access.

  • Allow Username/Password based Fallback Authentication (non-SSO) for LDAP Users: Allows authentication by entering a username and password as an alternative to the hardware token.

    Use this option if you want users to be able to effectively bypass the hardware token requirement by typing in their username and password.

  1. If you want to configure two-factor authentication for your KeyShield 6.1 SSO service, select the options and specify the text accordingly.

  2. Click Test Connection.

    Because the Filr appliance doesn’t yet have the KeyShield SSO SSL certificate in its keystore, the test fails.

  3. Continue with Downloading and Installing the KeyShield SSO SSL Certificate