- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-17-2025 07:09 AM
Hi There!
Can someone please let me know which is the best CI-Class for using Yubikey Token which is physical device for using as authentication token. Currently I have requirement to manage Yubikey devices in CMDB.
Regards;
Mithun Mohan S
Hardware Asset Management Practice Owner
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-17-2025 11:28 AM
At a quick glance through the class manager, I would recommend Configuration Item > Hardware > IoT Device > Security Device (cmdb_ci_security) or another IoT Device class. This is based on the generic definition of yubikey:
"A YubiKey is a physical security device that helps protect access to online services, networks, and computers. It's a small USB or NFC-enabled key that's used as part of a multi-factor or two-factor authentication system."
However, there are likely other candidates and arguments for creating your own subclass. For instance, you may already be using the security device class for badge readers and wish to keep yubikeys separate. I would meet with your enterprise architects / config control board and discuss which option best fits.
Hope this helps,
Josh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-17-2025 11:28 AM
At a quick glance through the class manager, I would recommend Configuration Item > Hardware > IoT Device > Security Device (cmdb_ci_security) or another IoT Device class. This is based on the generic definition of yubikey:
"A YubiKey is a physical security device that helps protect access to online services, networks, and computers. It's a small USB or NFC-enabled key that's used as part of a multi-factor or two-factor authentication system."
However, there are likely other candidates and arguments for creating your own subclass. For instance, you may already be using the security device class for badge readers and wish to keep yubikeys separate. I would meet with your enterprise architects / config control board and discuss which option best fits.
Hope this helps,
Josh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-17-2025 05:50 PM
Thanks @Josh for your immediate response.
I would agree on your recommendation in-fact I also seen the same CI Class is as best suitable. Thanks again.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-17-2025 11:29 AM
Hi Mithun,
In my opinion, the YubiKey Token is a Service Offering that may be a part of the Technical Service called Hardware Authentication. Tracking them as a Serice Offering will allow the service owner to track incidents against devices and allow incidents to be escalated to the appropriate team. If you move to another type of technology because there are less issues then you would retire the old YubiKey Token service offering and create a new Service Offering to represent the new technology. I don't think you would track the individual assets as CIs unless there is some way to automatically discover them, which is more about the science of how discovered assets are tracked. From an asset perspective, you may want to track them as serialized assets because of the risk associated with the devices and you can make sure they are tracked and recovered, but I wouldn't create individual CIs.
Thanks,
Jeff
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-17-2025 01:36 PM
Mithun,
It might be better if you can elaborate why you would like to track the YubiKey Token as a CI, then the community can better assist you with what you are trying to accomplish.
Thanks,
Jeff
