If your organization has enabled Yubikey OTP for multi-factor authentication, when logging in you will have the opportunity to authenticate using a token generated by a Yubikey device as a second factor. If multi-factor authentication is optional for your account, you do not need to use this method. However, if multi-factor authentication using Yubico OTP is required, you must have a Yubikey device issued to you and authenticate using that key before gaining access to your resources.
To use Yubikey OTP
...
If multi-factor authentication is optional (or required and you have multiple options available to you) and you want to enable Yubico OTP for your account, select Yubico One Time Password and click Submit.
| Info |
|---|
The MFA options available to you depends on your administrator. You may see more or less options than shown below. |
...
| Info |
|---|
If Yubico is required for your account, you will not see a screen asking you to select a multi-factor option. Instead, you will see the below screen. |
...
To use PAM, you interact with the PAM Resources Page. This page contains everything you need to work with PAM. To access the page, you authenticate to EmpowerID and select Privileged Access > Request Access from the navbar.
This takes you to the PAM Resources page. This page is comprised of a number of tabs and Action links for accessing and working with PAM resources. The amount of resources you see will vary according to the access given to you by your administrator.
The tabs available on this page include:
- Computers — Displays computers with vaulted credentials to which you can request access. For information on how to requesting access to computers, see "hyperlink".
- Credentials — Displays a list of non-computer vaulted credentials to which you can request access. Non-computer credentials include those used for accessing applications. For information on requesting access to credentials, see "hyperlink".
- Checked-Out Credentials — Displays a list of currently used (checked-out) credentials.
- Check-Out Records — Displays a history of credential check outs, including any currently live check outs.
- Secrets — Display a list of secrets to which you have access. For information on how to create a secret, see
Depending on the tab selected and the amount of access you have, you may or may not see Action links. When clicked, Action links initiate a workflow in EmpowerID. In the below image, the logged in user sees the Create Master Password Action link on the Secrets tab. A master password is is used by EmpowerID to create a PKI (Public and Private) key that is linked to your person. This key is used to encrypt and decrypt data on your behalf. When you create a secret or use PAM for the first time, you will need to create a master password. Then each time you check out a credential or create a secret, you use your master password to unlock the credential or secret. 