VPN requires YubiKey/RSA token beginning Aug. 5

Beginning Monday, Aug. 5, all Fermilab VPN users will be required to use multifactor authentication via a YubiKey or an RSA token.

If you do not have a YubiKey or RSA token, you must get one immediately in order to use VPN beginning Aug. 5.

Your options are:

  • YubiKey: a hardware device that you can plug into a USB port. YubiKeys are restricted to Fermilab employees. Citrix portal users who use a YubiKey to access business and financial applications may also use the YubiKey to access VPN.

o   To obtain a YubiKey: visit the Fermilab Service Desk on the Ground Floor of Wilson Hall. Be sure to bring your Fermilab ID badge.

  • RSA soft token: an app token that is installed on your cell phone (There is no app for laptops or desktops). NOTE: While the soft token is installed on your cell phone, you would continue to access the VPN system the same way you do today, using your PC, desktop computer, tablet or phone.
  • RSA hard token: a battery-powered device that displays a unique number every 60 seconds.

o   To obtain an RSA soft or hard token:
1.   Log in to the Service Desk web portal, https://servicedesk.fnal.gov with your Services account.
2.   In the search box type “rsa.”
3.   Click “RSA Token Request.” There will be options to request either a soft token (which will be emailed to you) or a hard token (which you need to pick up at the Service Desk, or, if you are a remote user, you can specify a mailing address.)

Instructions for using your YubiKey or RSA token to access the Fermilab VPN system is available in the article at https://fermi.service-now.com/wp?id=kb_article&sys_id=KB0013046

Additional how-to documentation:

The MFA at Fermilab website (available on-site or via VPN) also has FAQs.

If you have any questions about this announcement, email mfa-questions@fnal.gov.