Approach 3 utilizes an organization's existing PKI infrastructure to support phishing-resistant smart card (PIV) authentication with YubiKey 5 Series and YubiKey 4 Series devices, as well as legacy devices that support the PIV protocol.Approaches 1 & 2 use a SAML integration with FIDO2, utilize phishing-resistant authentication that is compatible with our entire current product range: The Security Key series, the YubiKey 5 Series, and the YubiKey Bio.To decide on the approach that’s right for you, you must consider the environment you are deploying to, and your requirements for phishing resistance:
This document focuses on a Microsoft Active Directory and Azure Active Directory centric implementation but the basic patterns can be applied to other vendor solutions. This document outlines each approach and discusses each approach's advantages. There are many different approaches to implementing YubiKeys with Cisco VPN based on the ASA configuration. Cisco Adaptive Security Appliance (ASA) VPN deployments can take advantage of the strong authentication that YubiKey provides.