Overview: Software vs. Hardware

Google Authenticator is a software-based one-time password generator. It runs on smartphones, creating time-based codes to verify a user’s identity. In contrast, YubiKey is a hardware security key. Users physically insert the key or hold it against the NCF reader to authenticate.

Many organizations use both solutions to authenticate logins for employees and customers. Both options are available in popular MFA platforms like Rublon MFA, which streamlines secure access across corporate systems using robust multi-factor authentication.

Google Authenticator vs. YubiKey: What’s the Difference?

The main difference lies in their form and cost. Google Authenticator is free software for mobile devices, while YubiKey is a physical key you must buy that plugs in or connects wirelessly. But there are more differences than just that.

Here’s a handy table comparing both.

Google Authenticator vs. YubiKey: Differences Table

Advantages of YubiKey Over Google Authenticator

1. Stronger Physical Security: YubiKey is a tangible token. Attackers need physical possession to breach. This lowers the risk of threats, such as malware, and thwarts many types of attacks.
2. Phishing Resistance: YubiKeys are phishing-resistant, allowing for extremely secure Phishing-Resistant MFA.
3. Stronger Compliance With Stringent Regulations: YubiKey is considered the most secure type of authentication, thus ensuring stronger compliance with even the most stringent cybersecurity regulations like the Federal Zero Trust Strategy Memorandum and NIST SP 800-63B AAL3.
4. Wider Set of Authentication Options: Newer YubiKey models support multiple authentication standards. These may include Yubico OTP, FIDO U2F, and FIDO2. This flexibility offers more options for enterprise deployments.

Advantages of Google Authenticator Over YubiKey

1. No Hardware Costs: Google Authenticator is free and only requires a smartphone or tablet. This makes it cost-effective for smaller teams and budget-conscious home users.
2. Wider Adoption: While the adoption of YubiKeys has been widening each year, Google Authenticator is still a more widely supported option.
3. Immediate Availability: Users can download the app and start securing accounts right away, with no need to wait for shipping or physically manage keys.

Enterprise Considerations

Both Google Authenticator and YubiKey can secure business applications, but the choice often depends on budget, user training, and compliance requirements.

1. MFA Integration: Pick an MFA provider that supports both options. For example, Rublon MFA allows companies to manage both Google Authenticator and YubiKey authentication methods under a single platform. Administrators gain centralized control over user onboarding, policy enforcement, and usage logs.
2. Deployment Complexity: Software authentication may scale faster across a distributed workforce, as employees already own smartphones. Hardware keys like YubiKey are much more secure but require distribution to all users and thus demand extra logistics.
3. Cost Over Time: Google Authenticator involves no direct costs beyond potential phone maintenance. However, its lower level of security can lead to a compromise that can prove costly to the organization, both money-wise and reputation-wise. In contrast, YubiKey requires an upfront investment but offers extra-strong phishing-resistant protection, dramatically decreasing the likelihood of a compromise.

Which Should You Choose?

Selecting between Google Authenticator and YubiKey depends on several factors. While budget is important, security posture is key. Software-based solutions are easier and cheaper to deploy. However, YubiKey offers superior security. This makes YubiKey preferable for any organization that cares about security and compliance.

Enterprise solutions like Rublon MFA simplify using both methods side by side. This can be ideal for organizations seeking strong MFA protection for privileged accounts (via YubiKey) while still offering a user-friendly alternative (via Google Authenticator) for the rest of the workforce.

Looking for FIDO2 Security Keys? We Got Them!

Need reliable FIDO2 security keys for your staff or customers? We can help you choose the right models.

Start Free Rublon MFA Trial Today

Experience 30 days of Rublon MFA at no cost.

Strengthen your defenses with phishing-resistant logins, deploy FIDO2 security keys and use Google Authenticator (and other MFA mobile apps), and effortlessly elevate your organization’s security posture.

To begin your Free Trial, click the button below.

The post Google Authenticator vs. YubiKey: What’s the Difference? appeared first on Rublon.

Multi-Factor Authentication (MFA) for SOGo adds an extra layer of security to SOGo logins. Users must complete both primary (login/password) and secondary (e.g., Mobile Push) authentication. Even if a cybercriminal knows a user’s password, they will not gain access without completing the second step.

Overview of MFA for SOGo

This documentation describes how to integrate Rublon MFA with SOGo using the LDAP(S) protocol to enable multi-factor authentication for logins to the controller.

Rublon MFA for SOGo integrates via the Rublon Authentication Proxy, supporting the LDAP(S) protocol. It ensures that only authorized users can complete the secondary authentication method, denying access to potential intruders.

Supported Authentication Methods

Authentication Method	Supported	Comments
Mobile Push		N/A
WebAuthn/U2F Security Key	–	N/A
Passcode		N/A
SMS Passcode	–	N/A
SMS Link		N/A
Phone Call		N/A
QR Code	–	N/A
Email Link		N/A
YubiKey OTP Security Key		N/A

Before You Start Configuring MFA for SOGo

Before configuring Rublon MFA for SOGo:

• Ensure you have prepared all required components.
• Create an application in the Rublon Admin Console.
• Install the Rublon Authenticator mobile app.

Required Components

1. User Identity Provider (IdP) – You need an external Identity Provider, such as Microsoft Active Directory, OpenLDAP, or FreeIPA.

2. Rublon Authentication Proxy – Install the Rublon Authentication Proxy if you have not already, and configure the Rublon Authentication Proxy as an LDAP proxy.

3. SOGo – A properly installed and configured SOGo server.

Create an Application in the Rublon Admin Console

1. Sign up for the Rublon Admin Console. Here’s how.

2. In the Rublon Admin Console, go to the Applications tab and click Add Application. 

3. Enter a name for your application (e.g., SOGo) and then set the type to Rublon Authentication Proxy.

4. Click Save to add the new application in the Rublon Admin Console.

5. Copy the values of System Token and Secret Key of the newly created application. You will need them later.

Install Rublon Authenticator

Some end-users may use the Rublon Authenticator mobile app. So, as a person configuring MFA for SOGo, we highly recommend you install the Rublon Authenticator mobile app, too. Thanks to that, you will be able to test MFA for SOGo via Mobile Push.

Download the Rublon Authenticator for:

• Android
• iOS
• HarmonyOS

Configuring Multi-Factor Authentication (MFA) for SOGo

Rublon Authentication Proxy

1. Edit the Rublon Auth Proxy configuration file and paste the previously copied values of System Token and Secret Key in system_token and secret_key, respectively.

2. Config example file in YAML:

log:
  debug: true

rublon:
  api_server: https://core.rublon.net
  system_token: YOURSYSTEMTOKEN
  secret_key: YOURSECRETKEY

proxy_servers:
- name: LDAP-Proxy
  type: LDAP
  ip: 0.0.0.0
  port: 636
  auth_source: LDAP_SOURCE_1
  auth_method: push, email
  rublon_section: rublon
  cert_path: /etc/ssl/certs/ca.crt
  pkey_path: /etc/ssl/certs/key.pem

auth_sources:
- name: LDAP_SOURCE_1
  type: LDAP
  ip: 192.0.2.0
  port: 636
  transport_type: ssl
  search_dn: dc=example,dc=org
  access_user_dn: cn=admin,dc=example,dc=org
  access_user_password: CHANGE_ME
  ca_certs_dir_path: /etc/ssl/certs/

See: How to set up LDAPS certificates in the Rublon Authentication Proxy?

SOGo

Open the sogo.conf file and add a “SOGoUserSources =” block with the LDAP information. Refer to the following final block and table.

SOGoUserSources = (
  {
    type = ldap;
    CNFieldName = cn;
    UIDFieldName = sAMAccountName;
    bindFields = (sAMAccountName, userPrincipalName);
    baseDN = "ou=Users,dc=my,dc=organization,dc=domain";
    bindDN = "CN=rublonadmin,OU=Rublon,DC=rublondemo,DC=local";
    bindPassword = "eHJFKF5jC5QqM6ci";
    canAuthenticate = YES;
    hostname = "ldaps://192.0.2.0:636";
    filter = "objectClass='user'";
    id = directory;
  }
);

For more information, refer to the official SOGo LDAP authentication documentation.

Testing Multi-Factor Authentication (MFA) for SOGo

This example portrays logging in to SOGo with Rublon Multi-Factor Authentication. Mobile Push has been set as the second factor in the Rublon Authentication Proxy configuration (AUTH_METHOD was set to push).

1. Open the SOGo panel, enter your login and password, and press Enter.

2. Rublon will send a Mobile Push authentication request to your phone. Tap APPROVE.

3. You will be logged in to SOGo.

Troubleshooting MFA for SOGo

If you encounter any issues with your Rublon integration, please contact Rublon Support.

Related Posts

Rublon Authentication Proxy

Rublon Authentication Proxy – Integrations

The post Multi-Factor Authentication (2FA/MFA) for SOGo appeared first on Rublon.

API vs. SDK: What’s the Difference?

The main difference between an API and an SDK is their purpose and composition. An API is a set of protocols and definitions for building and integrating application software. In contrast, an SDK is a comprehensive toolkit that includes libraries, documentation, and code samples to develop software applications for a specific platform.

But there are many more differences than just that.

Here’s a handy table that outlines the most important differences between APIs and SDKs.

API vs. SDK: Differences Table

Practical Examples of APIs and SDKs

To better understand the differences, let’s look at practical examples.

APIs in Action:

• A weather application uses an API to fetch real-time weather data from a weather service.
• Social media platforms provide APIs that allow developers to integrate login or sharing features into their apps.
• Rublon uses APIs like the Rublon Admin API and Rublon REST API.

SDKs in Action:

• The Android SDK allows developers to create Android apps using tools and libraries specific to the Android platform.
• Game developers use the Unreal Engine SDK to build games with advanced graphics and physics.
• Rublon uses SDKs to add robust multi-factor authentication (MFA) to applications written in Java, PHP, and .NET.

Advantages of SDKs over APIs

Here are reasons why an SDK can be a better choice:

• SDKs provide all necessary tools for development, reducing time and effort.
• They include sample code and documentation, simplifying the learning process.
• SDKs offer debugging and testing tools, enhancing code quality.
• They enable seamless integration with the target platform.

Advantages of APIs over SDKs

Here’s why an API can be preferable:

• APIs enable interaction with existing services without building from scratch.
• They are lightweight and don’t require installing large toolkits.
• APIs offer flexibility across different programming languages.
• They allow integration with third-party services, expanding functionality.

When to Reach for Each

• Choose an API when you need to consume data or behaviour that already exists.
• Choose an SDK when you must build, test, and ship software that targets a specific platform or device.

Conclusion

APIs excel at connecting software; SDKs excel at creating software. Grounding your build-vs-integrate decisions in fresh statistics, real-world case studies, and authoritative standards ensures faster, safer, and more maintainable solutions.

Start Free Rublon MFA Trial Today

Try Rublon MFA free for 30 days

Protect your organization with phishing-resistant MFA authentication, utilizing the Rublon API and Rublon SDKs for different programming languages. Boost your security posture without complexity or cost.

To begin your Free Trial, click the button below.

The post API vs. SDK: What’s the Difference? appeared first on Rublon.

AES is a widely used symmetric encryption algorithm, while RSA is a well-known asymmetric encryption algorithm. Although people often mention “AES encryption” and “RSA encryption” in the same breath, they serve different purposes and operate in fundamentally different ways. This article will help you understand the differences between AES vs. RSA encryption.

What is Encryption?

Encryption is the process of converting readable data into an unreadable format to protect it from unauthorized access. There are two main types of encryption: symmetric encryption, where the same key is used for both encryption and decryption, and asymmetric encryption, which utilizes a pair of keys, of which one is public and one is private.

What is AES?

AES (Advanced Encryption Standard) is a symmetric encryption algorithm that uses the same key for both encryption and decryption. It is widely used for securing data at rest and in transit due to its speed and strong security.

What is RSA?

RSA (Rivest–Shamir–Adleman) is an asymmetric encryption algorithm that uses a public key to encrypt data and a private key to decrypt it. It is commonly used for secure key exchange, digital signatures, and encrypting small amounts of sensitive data.

AES vs. RSA: What’s the Difference?

The main difference between AES and RSA lies in their encryption methodology. AES is a symmetric encryption algorithm, meaning it uses the same key for both encryption and decryption. On the other hand, RSA is an asymmetric encryption algorithm that uses a pair of keys—a public key for encryption and a private key for decryption.

AES vs. RSA: Differences Table

Practical Examples of AES and RSA

To better understand the differences, let’s look at practical examples.

AES in Action:

• Encrypting files on a hard drive to protect against unauthorized access.
• Securing data transmitted over Wi-Fi networks.
• Protecting sensitive data in online transactions.

RSA in Action:

• Establishing a secure connection between a web browser and a server via HTTPS.
• Sending encrypted emails that can only be decrypted by the intended recipient.
• Generating key components (e.g., large primes) that are foundational for cryptographic operations in multi-factor authentication (MFA).

Advantages of AES over RSA

1. Speed and Efficiency: AES is faster and requires less computational power, making it ideal for encrypting large amounts of data.
2. Simplicity: Uses a single key for encryption and decryption, simplifying the encryption process.
3. Strong Security for Data at Rest: Excellent for encrypting stored data to prevent unauthorized access.

Advantages of RSA over AES

1. Secure Key Exchange: Enables secure transmission of data without sharing the private key.
2. Digital Signatures: Supports authentication through digital signatures, verifying the sender’s identity.
3. Data Integrity: Ensures that the data has not been tampered with during transmission.

Which Should You Choose?

That depends on your use case:

• Choose AES if you need fast, efficient encryption for large volumes of data, such as securing files, databases, VPN traffic, or full-disk encryption. It’s ideal when both sender and recipient can securely share the same key.
• Choose RSA when secure key exchange, digital signatures, or identity verification is required, especially in scenarios like HTTPS/TLS connections, encrypted email, or digital certificate infrastructure, where public-key cryptography is essential.

Conclusion

AES and RSA serve different but complementary roles in modern cryptography. AES offers speed and efficiency for encrypting large datasets, while RSA provides secure mechanisms for key exchange and authentication. Understanding their strengths will help you choose the right encryption approach for your specific security and performance requirements.

Start Free Rublon MFA Trial Today

To fully protect your organization, you need more than strong encryption. You need to ensure that only the right people get access in the first place.

This is where multi-factor authentication (MFA) comes in.

Try Rublon MFA free for 30 days to secure employee logins, roll out FIDO2 security keys and passkeys in minutes, and quickly strengthen your organization’s security posture.

To begin your Free Trial, click the button below.

The post AES vs. RSA: What’s the Difference? appeared first on Rublon.

Overview of MFA for Zabbix

This documentation describes how to integrate Rublon MFA with Zabbix using the LDAP(S) protocol to enable multi-factor authentication for logins to Zabbix.

Supported Authentication Methods

Authentication Method	Supported	Comments
Mobile Push		N/A
WebAuthn/U2F Security Key	–	N/A
Passcode		N/A
SMS Passcode	–	N/A
SMS Link		N/A
Phone Call		N/A
QR Code	–	N/A
Email Link		N/A
YubiKey OTP Security Key		N/A

Demo Video

Before You Start Configuring MFA for Zabbix Using LDAP(S)

Before configuring Rublon MFA for Zabbix:

• Ensure you have prepared all required components.
• Create an application in the Rublon Admin Console.
• Install the Rublon Authenticator mobile app.

Required Components

1. User Identity Provider (IdP) – You need an external Identity Provider, such as Microsoft Active Directory, OpenLDAP, or FreeIPA.

2. Rublon Authentication Proxy – Install the Rublon Authentication Proxy if you have not already, and configure the Rublon Authentication Proxy as an LDAP proxy.

3. Zabbix  – A properly installed and configured Zabbix.

Create an Application in the Rublon Admin Console

1. Sign up for the Rublon Admin Console. Here’s how.

2. In the Rublon Admin Console, go to the Applications tab and click Add Application. 

3. Enter a name for your application (e.g., Zabbix) and then set the type to Rublon Authentication Proxy.

4. Click Save to add the new application in the Rublon Admin Console.

5. Copy the values of System Token and Secret Key of the newly created application. You will need them later.

Install Rublon Authenticator

Some end-users may use the Rublon Authenticator mobile app. So, as a person configuring MFA for Zabbix, we highly recommend you install the Rublon Authenticator mobile app, too. Thanks to that, you will be able to test MFA for Zabbix via Mobile Push.

Download the Rublon Authenticator for:

• Android
• iOS
• HarmonyOS

Configuring Multi-Factor Authentication (MFA) for Zabbix Using LDAP(S)

Rublon Authentication Proxy

1. Edit the Rublon Auth Proxy configuration file and paste the previously copied values of System Token and Secret Key in system_token and secret_key, respectively.

2. Config example file in YAML:

log:
  debug: true

rublon:
  api_server: https://core.rublon.net
  system_token: YOURSYSTEMTOKEN
  secret_key: YOURSECRETKEY

proxy_servers:
- name: LDAP-Proxy
  type: LDAP
  ip: 0.0.0.0
  port: 636
  auth_source: LDAP_SOURCE_1
  auth_method: push, email
  rublon_section: rublon
  cert_path: /etc/ssl/certs/ca.crt
  pkey_path: /etc/ssl/certs/key.pem

auth_sources:
- name: LDAP_SOURCE_1
  type: LDAP
  ip: 172.16.0.127
  port: 636
  transport_type: ssl
  search_dn: dc=example,dc=org
  access_user_dn: cn=admin,dc=example,dc=org
  access_user_password: CHANGE_ME
  ca_certs_dir_path: /etc/ssl/certs/

Zabbix

1. Log in to the Zabbix admin panel.

2. In the left pane, select Users → Authentication → LDAP Settings.

3. Select Enable LDAP authentication and Enable JIT provisioning.

4. In Servers, select Add. Fill in the fields. Refer to the following image and table.

5. Select Test to test your configuration and then Add to save your new server.

6. Select Update again to save the changes to the LDAP settings.

7. In Authentication, set Default authentication to LDAP and select Update.

Testing Multi-Factor Authentication (MFA) for Zabbix Integrated Via LDAP(S)

This example portrays logging in to Zabbix with Rublon Multi-Factor Authentication. Mobile Push has been set as the second factor in the Rublon Authentication Proxy configuration (AUTH_METHOD was set to push).

1. Log in to Zabbix as a user by entering your name and password and clicking Sign in.

2. Rublon will send a Mobile Push authentication request to your phone. Tap APPROVE.

3. You will be logged in to Zabbix.

Troubleshooting MFA for Zabbix Using LDAP(S)

If you encounter any issues with your Rublon integration, please contact Rublon Support.

Related Posts

Rublon Authentication Proxy

Rublon Authentication Proxy – Integrations

The post Multi-Factor Authentication (2FA/MFA) for Zabbix – LDAP(S) appeared first on Rublon.

Overview

Zabbix 2FA allows you to add an extra layer of security to your Zabbix logins. This document explains how to enable Rublon Multi-Factor Authentication (MFA) for users who log in to Zabbix. Rublon integrates with Zabbix using the Rublon Access Gateway. This document describes all required steps.

Supported Authentication Methods

Authentication Method	Supported	Comments
Mobile Push		N/A
WebAuthn/U2F Security Key		N/A
Passcode		N/A
SMS Passcode		N/A
SMS Link		N/A
Phone Call		N/A
QR Code		N/A
Email Link		N/A
YubiKey OTP Security Key		N/A

Demo Video

Before you start

• Ensure you have installed and fully configured Zabbix
• Install php-openssl
• Install and configure Rublon Access Gateway before configuring Zabbix to work with it. Read the Rublon Access Gateway documentation and follow the steps in the Installation and Configuration sections. Then, follow the Configuration section in this document.

Configuration

Follow these steps to enable Rublon 2FA on Zabbix.

Zabbix Server

1. From the Zabbix root web directory, go to conf/certs.

2. The conf/certs directory should contain the following files:

• sp.crt – Zabbix domain certificate
• sp.key– Zabbix domain private key
• idp.crt – a certificate you can download from Rublon Access Gateway (Applications → Information for configuring applications with Rublon Access Gateway → DOWNLOAD CERTIFICATE)

3. Ensure all three preceding files have the 644 permission.

To see if the file has the 644 permission, use the following command:

ls -alh

To set the 644 permission, use the following command:

chmod 644 <filename>

4. Go to the conf directory and open the zabbix.conf.php configuration file.

5. At the very end of the file, uncomment the lines for SAML.

Zabbix Frontend

1. Log in to the Zabbix admin panel.

2. In the left pane, select Administration → Authentication.

3. Select the SAML settings tab.

4. Check Enable SAML authentication and fill in the form. Refer to the following image and table.

5. Click Update to save your SAML settings.

Rublon Access Gateway

1. In Rublon Access Gateway, go to Applications → Add application.

2. Fill in the form and click SAVE to add a new application. Refer to the following image and table.

3. Your configuration is complete. You can now test your Zabbix 2FA integration.

Test Your Zabbix Integration

It’s time to test your configuration.

1. Go to your Zabbix Domain and click Sign in with Single Sign-On (SAML) at the bottom of the login form.

2. Rublon will redirect you to the Rublon Access Gateway login page.

3. Provide your username and password. Click SIGN IN. A window will appear with various 2FA options from Rublon. Let’s choose Mobile Push.

4. Rublon will send a Mobile Push authentication request to your phone. Tap APPROVE.

5. You will be successfully logged in to Zabbix.

Test Your Zabbix Login via the Rublon SSO Portal

If your Rublon 2FA works correctly, we recommend you also test logging in to Zabbix via the Rublon SSO Portal. You must configure the SSO Portal before you test this scenario. Refer to the Rublon SSO Portal documentation for all required information.

1. Open the Rublon SSO Portal in your web browser. You will be redirected to a login page.

2. Provide your username and password, and click SIGN IN.

3. A window will appear with various 2FA options from Rublon. Let’s choose Mobile Push.

4. You will receive a push notification. Tap APPROVE.

5. You will be logged in to the Rublon SSO Portal.

6. Click the Zabbix application tile.

7. Rublon will ask you to select the second-factor authentication method. Let’s select Mobile Push again.

8. Receive a Mobile Push and tap APPROVE.

9. You will be successfully logged in to Zabbix.

Troubleshooting

If you encounter any issues with your Rublon integration, please contact Rublon Support.

Related Posts

Rublon Access Gateway

Rublon Access Gateway – Integrations

The post Multi-Factor Authentication (2FA/MFA) for Zabbix – SAML appeared first on Rublon.

The Integrated Dell Remote Access Controller (iDRAC) is a built-in management tool in Dell PowerEdge servers that enables secure, agent-free remote monitoring, configuration, and troubleshooting even when the server is powered off.

Multi-Factor Authentication (MFA) for Dell iDRAC adds an extra layer of security to iDRAC logins. Users must complete both primary (login/password) and secondary (e.g., Mobile Push) authentication. Even if a cybercriminal knows a user’s password, they will not gain access without completing the second step.

Overview of MFA for Dell iDRAC

This documentation describes how to integrate Rublon MFA with Dell iDRAC using the LDAP(S) protocol to enable multi-factor authentication for logins to the controller.

Rublon MFA for Dell iDRAC integrates via the Rublon Authentication Proxy, supporting the LDAP(S) protocol. It ensures that only authorized users can complete the secondary authentication method, denying access to potential intruders.

Supported Authentication Methods

Authentication Method	Supported	Comments
Mobile Push		N/A
WebAuthn/U2F Security Key	–	N/A
Passcode		N/A
SMS Passcode	–	N/A
SMS Link		N/A
Phone Call		N/A
QR Code	–	N/A
Email Link		N/A
YubiKey OTP Security Key		N/A

Demo Video

Before You Start Configuring MFA for Dell iDRAC

Before configuring Rublon MFA for Dell iDRAC:

• Ensure you have prepared all required components.
• Create an application in the Rublon Admin Console.
• Install the Rublon Authenticator mobile app.

Required Components

1. User Identity Provider (IdP) – You need an external Identity Provider, such as Microsoft Active Directory, OpenLDAP, or FreeIPA.

2. Rublon Authentication Proxy – Install the Rublon Authentication Proxy if you have not already, and configure the Rublon Authentication Proxy as an LDAP proxy.

3. Dell PowerEdge & iDRAC – A properly installed and configured Dell PowerEdge and Dell iDRAC. Tested on Dell PowerEdge R740xd and iDRAC9 Enterprise.

Create an Application in the Rublon Admin Console

1. Sign up for the Rublon Admin Console. Here’s how.

2. In the Rublon Admin Console, go to the Applications tab and click Add Application. 

3. Enter a name for your application (e.g., Dell iDRAC) and then set the type to Rublon Authentication Proxy.

4. Click Save to add the new application in the Rublon Admin Console.

5. Copy the values of System Token and Secret Key of the newly created application. You will need them later.

Install Rublon Authenticator

Some end-users may use the Rublon Authenticator mobile app. So, as a person configuring MFA for Dell iDRAC, we highly recommend you install the Rublon Authenticator mobile app, too. Thanks to that, you will be able to test MFA for Dell iDRAC via Mobile Push.

Download the Rublon Authenticator for:

• Android
• iOS
• HarmonyOS

Configuring Multi-Factor Authentication (MFA) for Dell iDRAC

Rublon Authentication Proxy

Edit the Rublon Auth Proxy configuration file and paste the previously copied values of System Token and Secret Key in system_token and secret_key, respectively.

2. Config example file in YAML:

log:
  debug: true

rublon:
  api_server: https://core.rublon.net
  system_token: YOURSYSTEMTOKEN
  secret_key: YOURSECRETKEY

proxy_servers:
- name: LDAP-Proxy
  type: LDAP
  ip: 0.0.0.0
  port: 636
  auth_source: LDAP_SOURCE_1
  auth_method: push, email
  rublon_section: rublon
  cert_path: /etc/ssl/certs/ca.crt
  pkey_path: /etc/ssl/certs/key.pem

auth_sources:
- name: LDAP_SOURCE_1
  type: LDAP
  ip: 192.0.2.0
  port: 636
  transport_type: ssl
  search_dn: dc=example,dc=org
  access_user_dn: cn=admin,dc=example,dc=org
  access_user_password: CHANGE_ME
  ca_certs_dir_path: /etc/ssl/certs/

See: How to set up LDAPS certificates in the Rublon Authentication Proxy?

Dell iDRAC

1. Sign in to the Dell iDRAC Web Console.

2. Go to iDRAC Settings → Users and expand Directory Services.

3. Select Generic LDAP Directory Services and select Enable to turn on the LDAP service.

4. Select Edit to open the Generic LDAP Configuration and Management window.

5. In Certificate Settings:

• If you are using LDAPS (recommended), set Certificate Validation to Enabled, upload the Directory Service CA certificate, and select Next.
• If you are using LDAP (not recommended), set Certificate Validation to Disabled and select Next.

6. In Common Settings, fill in the fields and select Next. Keep the remaining settings as default, or adjust them as needed. Refer to the following image and table.

7. In Standard Schema Role Groups, you can define up to 15 user groups and their permissions.

8. Double-click on any of the Role Group rows to edit it. Fill in the fields and select Save. Refer to the following image and table.

9. Back in the Generic LDAP Configuration and Management window, select Save to complete your configuration.

Testing Multi-Factor Authentication (MFA) for Dell iDRAC

This example portrays logging in to Dell iDRAC with Rublon Multi-Factor Authentication. Mobile Push has been set as the second factor in the Rublon Authentication Proxy configuration (AUTH_METHOD was set to push).

1. Open the iDRAC Web Console, enter your login and password, and select Log in.

2. Rublon will send a Mobile Push authentication request to your phone. Tap APPROVE.

3. You will be logged in to iDRAC.

Troubleshooting MFA for Dell iDRAC

If you encounter any issues with your Rublon integration, please contact Rublon Support.

Related Posts

Rublon Authentication Proxy

Rublon Authentication Proxy – Integrations

The post Multi-Factor Authentication (2FA/MFA) for Dell iDRAC appeared first on Rublon.

Zimbra Collaboration is an open-source email and productivity suite that combines a mail server with a modern web client, featuring calendars, contacts, tasks, chat, and file-sharing capabilities.

Multi-Factor Authentication (MFA) for Zimbra Collaboration adds an extra layer of security to Zimbra logins. Users must complete both primary (login/password) and secondary (e.g., Mobile Push) authentication. Even if a cybercriminal knows a user’s password, they will not gain access without completing the second step.

Overview of MFA for Zimbra Collaboration

This documentation describes how to integrate Rublon MFA with Zimbra Collaboration using the LDAP protocol to enable multi-factor authentication for user logins.

Rublon MFA for Zimbra Collaboration integrates via the Rublon Authentication Proxy, supporting the LDAP protocol. It ensures that only authorized users can complete the secondary authentication method, denying access to potential intruders.

Supported Authentication Methods

Authentication Method	Supported	Comments
Mobile Push		N/A
WebAuthn/U2F Security Key	–	N/A
Passcode		N/A
SMS Passcode	–	N/A
SMS Link		N/A
Phone Call		N/A
QR Code	–	N/A
Email Link		N/A
YubiKey OTP Security Key		N/A

Demo Video

Before You Start Configuring MFA for Zimbra Collaboration

Before configuring Rublon MFA for Zimbra Collaboration:

• Ensure you have prepared all required components.
• Create an application in the Rublon Admin Console.
• Install the Rublon Authenticator mobile app.

Required Components

1. User Identity Provider (IdP) – You need an external Identity Provider, such as Microsoft Active Directory, OpenLDAP, or FreeIPA.

2. Rublon Authentication Proxy – Install the Rublon Authentication Proxy if you have not already, and configure the Rublon Authentication Proxy as an LDAP proxy.

3. Zimbra Collaboration – A properly installed and configured Zimbra Collaboration Server. Tested on Ver. 10.1.0.

Create an Application in the Rublon Admin Console

1. Sign up for the Rublon Admin Console. Here’s how.

2. In the Rublon Admin Console, go to the Applications tab and click Add Application. 

3. Enter a name for your application (e.g., Zimbra Collaboration) and then set the type to Rublon Authentication Proxy.

4. Click Save to add the new application in the Rublon Admin Console.

5. Copy the values of System Token and Secret Key of the newly created application. You will need them later.

Install Rublon Authenticator

Some end-users may use the Rublon Authenticator mobile app. So, as a person configuring MFA for Zimbra Collaboration, we highly recommend you install the Rublon Authenticator mobile app, too. Thanks to that, you will be able to test MFA for Zimbra Collaboration via Mobile Push.

Download the Rublon Authenticator for:

• Android
• iOS
• HarmonyOS

Configuring Multi-Factor Authentication (MFA) for Zimbra Collaboration

Rublon Authentication Proxy

1. Edit the Rublon Auth Proxy configuration file and paste the previously copied values of System Token and Secret Key in system_token and secret_key, respectively.

2. Config example file in YAML:

log:
  debug: true

rublon:
  api_server: https://core.rublon.net
  system_token: token_from_admin_console
  secret_key: secret_from_admin_console

proxy_servers:
  - name: LDAP-Proxy
    type: LDAP
    ip: 0.0.0.0
    port: 389
    transport_type: plain
    auth_source: LDAP_SOURCE_1
    auth_method: push,email

auth_sources:
  - name: LDAP_SOURCE_1
    type: LDAP
    ip: x.x.x.x 
    port: 389
    search_dn: DC=domain,DC=local
    access_user_dn: CN=rap,OU=RUBLON,DC=domain,DC=local
    access_user_password: P@ssw0rd123

Creating a Domain

1. Log in to the Zimbra Administration Console.

2. In the left pane, go to Configure → Domains. Then, select the gear icon in the upper-right corner and select New.

3. In General Information, enter the domain name and select Next.

4. In GAL Mode Settings, select your Mail Server from the dropdown list. Keep the remaining settings as default, or adjust them as needed. Then select Next.

5. In SSO, keep all settings as default and select Next.

6. In Authentication Mode, fill in the fields and select Next. Refer to the following image and table.

7. In Authentication Settings Summary, review the summary of your LDAP Proxy configuration and select Next.

8. The remaining tabs are optional and can be skipped. Select Finish to complete your domain configuration.

Configuring Authentication for the Domain

1. In the left pane of the Zimbra Administration Console, go to Configure → Domains and choose your domain. Then, select the gear icon in the upper-right corner and select Configure Authentication.

2. A new window will pop up with the authentication configuration wizard. In Authentication Mode, choose External Active Directory and select Next.

3. In Authentication Settings, fill in the fields and select Next. Refer to the following image and table.

4. In LDAP Bind, fill in the fields and select Next. Refer to the following image and table.

5. The remaining tabs are optional and can be skipped. Select Finish to complete your domain authentication configuration.

Configuring MFA for Users and Administrators

1. In the left pane, go to Manage → Accounts, choose the user (or admin), select the gear icon in the upper-right corner, and select Edit.

2. In General Information, fill in the fields. Refer to the following image and table.

3. Keep the remaining settings as default, or adjust them as needed, and select Save to save the changes.

Testing Multi-Factor Authentication (MFA) for Zimbra Collaboration

This example portrays logging in to Zimbra Collaboration with Rublon Multi-Factor Authentication. Mobile Push has been set as the second factor in the Rublon Authentication Proxy configuration (AUTH_METHOD was set to push).

1. Open the Zimbra GUI portal, enter your login and password, and select Log in.

2. Rublon will send a Mobile Push authentication request to your phone. Tap APPROVE.

3. You will be logged in to Zimbra.

Troubleshooting MFA for Zimbra Collaboration

If you encounter any issues with your Rublon integration, please contact Rublon Support.

Related Posts

Rublon Authentication Proxy

Rublon Authentication Proxy – Integrations

The post Multi-Factor Authentication (2FA/MFA) for Zimbra Collaboration appeared first on Rublon.

When secret_source is set to env, each secret’s value in the config file becomes the name of an environment variable, and Auth Proxy reads the actual secret value from that variable.

The Rublon Authentication Proxy secrets are:

• rublon section:
  • system_token
  • secret_key
• proxy_servers section:
  • RADIUS:
    • radius_secret
  • LDAP:
    • pkey_password (if used)
• auth_sources section:
  • RADIUS:
    • radius_secret
  • LDAP:
    • access_user_password

Configuration Example

log:
  debug: false

global:
  secret_source: env

rublon:
  api_server: https://core.rublon.net
  system_token: SYSTEM_TOKEN
  secret_key: SECRET_KEY

proxy_servers:
  - name: RADIUS-Proxy
    type: RADIUS
    radius_secret: RADIUS_SECRET
    ip: 0.0.0.0
    port: 1812
    mode: standard
    auth_source: LDAP_SOURCE_1
    auth_method: email

  - name: LDAP-Proxy
    type: LDAP
    ip: 0.0.0.0
    port: 389
    auth_source: LDAP_SOURCE_1
    auth_method: email

auth_sources:
  - name: LDAP_SOURCE_1
    type: LDAP
    ip: 127.0.2.0
    port: 389
    transport_type: plain
    search_dn: OU=Organization,DC=org,DC=com
    access_user_dn: CN=AccessUser,OU=Organization,DC=org,DC=com
    access_user_password: ACCESS_USER_PW

  - name: RADIUS_SOURCE_1
    type: RADIUS
    ip: 127.0.1.0
    port: 1812
    radius_secret: RADIUS_SECRET

The preceding example sets secret_source to env. This means that the Rublon Auth Proxy will now treat the config file’s secret values as names of the environment variables to retrieve the actual secrets from the system. In this example, the Auth Proxy expects to find four variables defined in the system:

• SYSTEM_TOKEN
• SECRET_KEY
• RADIUS_SECRET (used twice)
• ACCESS_USER_PW

Setting Environment Variables (Windows)

After the installation of the Rublon Authentication Proxy on your Windows machine:

1. Open the Registry Editor.

2. Navigate to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RublonAuthProxy.

3. Add a new Multi-String Value (REG_MULTI_SZ) named Environment and add these lines in value data:

SYSTEM_TOKEN=token_value_here
SECRET_KEY=secret_value_here
RADIUS_SECRET=radius_secret_here
ACCESS_USER_PW=access_user_password_here

4. Restart the Rublon Authentication Proxy service.

Setting Environment Variables (Linux)

After the installation of Rublon Authentication Proxy on your Linux machine:

1. Run:

systemctl edit rublon

2. Modify the service file by setting environment variables like this:

[Service]
Environment="SYSTEM_TOKEN=token_value_here"
Environment="SECRET_KEY=secret_value_here"
Environment="RADIUS_SECRET=radius_secret_here"
Environment="ACCESS_USER_PW=access_user_password_here"

3. Save the file and restart the proxy service:

systemctl restart rublon

Updating Environment Variables

Every time you change the environment variables used by the Rublon Authentication Proxy, you must restart the Auth Proxy service to apply the new values. The Auth Proxy reads environment variables at start-up and does not automatically update them later.

Benefits of Setting Secrets in Environment Variables

• No Plaintext Secrets in Config File. The Auth Proxy config file contains environment variable names, not secret values. You do not have to redact anything before sharing the config file with the Rublon Support.
• Simpler Update. Update the environment variables without touching the Auth Proxy config file. Simply restart the proxy after the update.
• Separation of Duties. One admin can manage secret values in environment variables, while another admin can maintain the Auth Proxy config file.
• Works with Standard Tooling. Systemd, Windows Services, containers, and CI/CD all support injecting environment variables.

Summary

Switching secret_source to env keeps sensitive values out of the Auth Proxy config file and loads them from the operating system instead. Define the required environment variables, update the proxy config to reference their names, and restart the proxy service to apply changes. This approach yields cleaner configs and reduces accidental secret exposure in files.

The post Configuring the Rublon Authentication Proxy Secret Source appeared first on Rublon.

YubiKey is a popular brand of hardware security keys, while FIDO2 is an open standard used by many security key manufacturers. Although people often use “FIDO2 security key” and “YubiKey” interchangeably, they are not the same thing. This article will help you learn about the differences between YubiKey vs. FIDO2 security key.

What is FIDO2?

FIDO2 is an open, vendor-neutral standard (WebAuthn + CTAP2) that enables passwordless or phishing-resistant multi-factor authentication (MFA) across browsers, platforms, and devices.

What is a FIDO2 Security Key?

A FIDO2 security key is a dedicated hardware authenticator (usually a USB or NFC key fob) that implements the FIDO2 standard for user verification and secure cryptographic signing.

What is a YubiKey?

YubiKey is Yubico’s proprietary family of hardware security keys. Most current models support FIDO2 alongside additional protocols such as FIDO U2F, Smart Card (PIV), OpenPGP, Yubico OTP, and challenge-response (HMAC-SHA-1).

YubiKey vs. FIDO2 Security Key: What’s the Difference?

The main difference is that YubiKey is a product line developed by Yubico, implementing several standards (including FIDO2, FIDO U2F, and more). In contrast, a FIDO2 security key could come from different vendors, as long as it implements the FIDO2 standard.

YubiKey vs. FIDO2 Security Key: Differences Table

* Legacy YubiKey Standard/Nano (OTP-only) and YubiKey 4 (FIDO U2F, no FIDO2) differ

Distinguishing Between YubiKeys and FIDO2 Security Keys

• Not every YubiKey is FIDO2-capable (legacy YubiKey Standard and Nano only support OTP and U2F).
• Not every FIDO2 security key is a YubiKey. Google Titan, Feitian BioPass K27, and Solo V2 are some of the many alternatives.
• For regulated environments (PCI DSS, HIPAA, NIS2), ensure the device has at least FIDO Authenticator Level 2 certification.

Advantages of YubiKey Over Other Brands of FIDO2 Security Key

1. FIPS options & higher FIDO levels. YubiKey offers FIPS 140-validated variants (Level 2/3) and models certified at FIDO Authenticator Level 2/3, useful for regulated environments.
2. Broader protocol coverage. Beyond FIDO2/U2F, many models add PIV smart-card (CCID), OpenPGP, Yubico OTP, and HMAC-SHA1, so one key can cover smart-card and signing workflows.
3. Proven Brand and Quality. YubiKey has a track record of sturdy builds and reliable firmware updates. This is crucial for ensuring consistent performance across various platforms.
4. Firmware Trust. Yubico tests its firmware extensively. Users gain confidence knowing their keys adhere to stringent security standards beyond FIDO2.
5. NFC and Biometric Models. Some YubiKeys offer NFC support or integrated fingerprint scanning, which can further streamline and secure authentication flows.

Advantages of Other Brands of FIDO2 Security Key over YubiKey

1. Price Range. Some FIDO2 keys might be more affordable versus YubiKey, especially if you do not need special features, such as biometrics and NFC.
2. Bluetooth Low Energy (BLE) transport. Several FIDO2 keys (like Thetis BLE FIDO2 Security Key) support BLE for cases where USB/NFC are not available. This transport type is not supported by YubiKeys.
3. Open-source options. Some keys (e.g., Solo V2) ship with open firmware, offering transparency versus YubiKey’s signed, closed-source approach.
4. Vendor Variety. FIDO2 is an open standard, which gives you many brands to choose from.

Which Should You Choose?

That depends on your needs:

• Choose YubiKey if you want a single, enterprise-grade key that combines FIDO2 with PIV smart-card and OpenPGP support in a tamper-resistant form factor, with the option of FIPS-validated models for regulated environments.
• Choose a generic FIDO2 security key when a lower unit cost or vendor-diversity policy is paramount, or when you need features like BLE connectivity or fully open-source firmware.

Either way, modern MFA providers like Rublon MFA support both YubiKeys and FIDO2 Security Keys of other brands, as well as older FIDO U2F keys and FIDO2 software passkeys. This allows organizations more flexibility when deciding on FIDO2 Security Key vs. YubiKey.

Looking for FIDO2 Security Keys? We Got Them!

Need reliable FIDO2 security keys for your staff or customers? We can help you choose the right models.

Start Free Rublon MFA Trial Today

Try Rublon MFA free for 30 days: enable phishing-resistant MFA logins, roll out FIDO2 security keys and passkeys in minutes, and see how easily you can raise your organization’s security posture.

To begin your Free Trial, click the button below.

The post YubiKey vs. FIDO2 Security Key: What’s the Difference? appeared first on Rublon.