U2F, OIDC Team Up For Strong Authentication, Federation

July 15, 2016 2 minute read
city lights from nasa

The New York Times sits elegantly secured behind authentication technology that combines a U2F-enabled YubiKey and standardized identity federation built on OpenID Connect (OIDC).

It’s a colorful twist for a newspaper first published in 1851 and famously known as The Gray Lady. But linked with Google and Yubico, the trio is part of an identity federation that relies on strong authentication to protect access to the online version of the newspaper.

Identity federation is the process of logging in to a single identity provider (in this case, Google) and then navigating to other sites (for example, The New York Times) without having to log in again. The YubiKey and FIDO U2F secure the identity provider login using public key cryptography, while OIDC takes care of the trusted and federated relationship between Google and The New York Times.

OIDC is an identity federation standard that we profiled along with FIDO U2F last year to show how the pair solves a wider range of authentication challenges than either technology could on its own. Yubico is also a member of the OpenID Foundation, which is the creator of OIDC, and is actively exploring how U2F plays with other standardized identity technology.

Watch this video to see federated identity with a YubiKey in action. It’s impossible to see identity federation working under the covers in this scenario, but the simplicity and security should be clearly evident. And really, that’s the desired user experience.

How to: Login with FIDO U2F and OpenID Connect from Yubico on Vimeo.

Share this article:

Recommended content

Yubikey plugged into laptop with openID connect

U2F, OIDC mix widens authentication options

The Universal Second Factor (U2F) protocol from the FIDO Alliance is an interesting authentication story on its own, but even more so when coupled with another emerging standard called OpenID Connect. With the pair, you can solve more authentication challenges than either could on their own. U2F provides a way for users to authenticate to ...

browserid logo

BrowserID and YubiKey

To to learn how you use the YubiKey with BrowserID, a new open identity initiative, please check out this video from a BrowserID developer: https://vimeo.com/64514090 BrowserID was introduced in mid 2011 by the Mozilla Project. It addresses the same problem as OpenID and SAML, as well as the common OAuth or OpenID-based login-with-an external-account (such ...

Cloud vs. On-Prem: Why opting for on-prem can cost you your next data breach

Most CISOs and IT teams spend their time asking themselves “when”, not “if”, they will be the next company to suffer a data breach. And rightfully so. The frequency of data breaches is skyrocketing, with no sign of slowing down.  To help quantify the problem, recent research from Canalys shows that there were more records ...

Find us at Oktane21 and discover how Okta and the YubiKey bridge enterprises to passwordless

Okta’s premier identity conference, Oktane21, is taking place virtually on April 6-8, and Yubico is once again a proud sponsor. This year, Yubico will highlight our continued partnership with Okta and showcase the YubiKey as the key to trust.  Okta Adaptive MFA and the phishing-resistant YubiKey allow organizations to quickly and securely deploy strong multi-factor ...