IGEL OS and FIDO2 Auth using Yubikey for passwordless login to AzureAD – here is the how!

By Fredrik Brattstig @virtualbrat

Curious about using Yubikey or any other FIDO2-compatible USB token? FIDO2 is supported in IGEL OS and can be used for instance to connect to Microsoft Azure Active Directory for passwordless login. I just played around with this and configured my AzureAD to accept FIDO2 login, went in, and configured the Yubikeys for my test users, and you know what, connecting passwordless to https://myapps.microsoft.com works great! To configure AzureAD for FIDO2 login, I followed this official guide on Yubico.com: HERE where the serverside (Azure AD components) was configured accordingly to: HERE and the user configuration was made by following this guide: HERE. On the IGEL OS endpoint, I did nothing else than use a Chromium browser to connect and authenticate. The Yubikey’s that I have been using was the Yubikey 5 Nano and Yubikey 5c NFC.

In an upcoming blog post, I will have a look at FIDO2 and the upcoming Citrix Workspace App for Linux 2209 which are in a tech preview state and you can read about the included new features HERE

That’s it for today, stay tuned for more on anything IGEL OS!

/Fred

Ohh, maybe you want to see IGEL OS and FIDO2 using Yubikey to access SaaS resources from AzureAD, wait no more, I got you covered! Watch the short movie showing the login sequence and login experience!