Key Attestation for YubiKey PIV Certificate Enrollment
Increase YubiKey security: Set up Key Attestation in Appterix
This video shows you how to use Key Attestation in Appterix to ensure that Active Directory certificates are generated and stored exclusively on authorized YubiKeys. Learn how to define granular attestation policies to enforce hardware compliance within your organization.
What you will learn in this video
– Define requirements: How to define criteria such as PIN policies, touch policy, and form factor.
– Enforce hardware specs: Require minimum firmware versions (e.g. 5.7.1) and specific key algorithms (RSA/ECC).
– Secure the enrollment process: Integrate Key Attestation into existing enrollment policies for certificate-based authentication.
– AD security: Prevent key material from ending up on unauthorized YubiKeys.
Watch the video: https://youtu.be/7Zbxn1prp-4