Passwordless Authentication with AD using Yubikey (FIDO2) on Linux without browser

  • Question

  • Hi,

    I'm trying to use Yubikey to authenticate to AD using FIDO2. And I want to do this without a browser but through Yubico's host library. Can this be done? And can this be done on a Linux machine instead of Windows?


    Are there any endpoint or WebAuthn server to use in order to connect with AD?

    Thank you so much.




    Wednesday, September 4, 2019 6:11 PM

All replies

  • Have you looked into Using YubiKeys with Azure MFA for steps to use YubiKeys with Azure MFA? I am also checking internally with the products team if this is possible for Linux machines and will let you know of my findings.
    Thursday, September 5, 2019 6:58 PM
  • Hi,

    Thank you so much for the reply. I have looked into the MFA documentation on Yubico. But MFA is not what I'm looking for. I'm trying to do the passwordless authentication using Yubikey as a single factor under the FIDO2 protocol. The documentation I found most useful is this Azure AD documentation: Enable passwordless security key sign in for Azure AD (preview).  Through this, I have registered the Yubikey and done the authentication to AD. But this is using the browser. Is there a way for me to do this without a browser? Any WebAuthn server on Azure?



    Monday, September 9, 2019 5:05 PM
  • Unfortunately this feature is not available and not planned yet by the products team. FIDO is an interactive flow that requires a user agent. For non-interactive flows you have Device Code Flow just like Company portal: Sign-in from another device or signing into Azure with VS Code. 

    If you want you can provide this as feedback over UserVoice.

    Monday, September 9, 2019 10:55 PM
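
The Device Code Flow mentioned in the reply above, written as a small client that a Linux host without a browser could run. This is an added example, not code from the thread or from Microsoft: the `post`, `sleep` and `show` parameters are this example's own hooks, and the tenant, client ID and scope are supplied by the caller.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

# Azure AD v2.0 endpoint layout; tenant and client_id are supplied by the caller.
AUTHORITY = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0"
DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"


def http_post(url, form):
    """Form-encoded POST returning the parsed JSON body (error bodies included)."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode())
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        return json.load(err)  # 4xx replies carry {"error": "..."}


def device_code_login(tenant, client_id, scope,
                      post=http_post, sleep=time.sleep, show=print):
    """Run the device authorization grant (RFC 8628) and return the token reply."""
    base = AUTHORITY.format(tenant=tenant)
    # 1. Ask for a device_code (kept by this client) and a user_code (shown).
    grant = post(base + "/devicecode", {"client_id": client_id, "scope": scope})
    # 2. The user signs in from a browser on any other device.
    show(f"Open {grant['verification_uri']} and enter {grant['user_code']}")
    interval = int(grant.get("interval", 5))
    deadline = time.monotonic() + int(grant["expires_in"])
    # 3. Poll the token endpoint, honouring the server's pacing.
    while time.monotonic() < deadline:
        sleep(interval)
        reply = post(base + "/token", {"grant_type": DEVICE_GRANT,
                                       "client_id": client_id,
                                       "device_code": grant["device_code"]})
        error = reply.get("error")
        if error is None:
            return reply                      # contains access_token
        if error == "slow_down":
            interval += 5                     # RFC 8628 section 3.5
        elif error != "authorization_pending":
            raise RuntimeError(f"sign-in failed: {error}")
    raise TimeoutError("device code expired before the user signed in")
```

The `device_code` never leaves the client and only the short `user_code` is displayed, so the code shown on screen should be entered only at the verification URL the identity provider returned.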
  • Please let me know if you find the above reply useful. If yes, do click on the 'Mark as answer' link in the above reply. This will help other community members facing a similar query to refer to this solution. Thanks.
    Monday, September 16, 2019 11:38 PM