YubiOn Portal Guide > Operation list > 2FA Service > How to install mac login

How to install mac login

About paid plans

This function is for paid plans (Premium).
Please purchase a plan when using this service.

Before use

System requirements
Please make sure to check the system requirements before installing Mac Login.
PC registration
Please register PCs by CSV referring to the introduction manual. This installation procedure assumes that you have already registered your PC.
Administrator authority
Installation requires Mac administrator privileges.
YubiKey settings
Mac login uses YubiKey's challenge response feature for two-factor authentication. Please be sure to configure YubiKey's Challenge Response settings before use.
Network conditions during installation
Be sure to connect to the network before installation. If you are not connected to the network, you will not be able to install the software successfully.
Backup
Be sure to create a Time Machine backup before use.
Use of anti-virus software
Use of anti-virus security software, etc. may interfere with the login operation of this software. Please refer to the Exclusion setting of antivirus software for Mac login to set up the exclusion.

Pre-Installation settings

Mac Login Service has the ability to log location information.
To enable this feature, please make sure that the following location services are enabled.

1. System Preferences > Security and Privacy > Privacy > Location Services
　Make sure “Enable Location Based Services” is checked.

If “Enable Location Based Services” is checked, please proceed to the installation procedure.
If “Enable Location Based Services” is not checked, please do the following

2. Click on the “key” icon in the lower left corner and enter your “user name” and “password”.
　Click “Unlock” to continue.

3. Check the “Enable Location Based Services” checkbox.

4. Click on the “key” icon, then click on the “Close” button in the upper left corner.

This is all that is required before installation.

Install

Insert the YubiKey into the USB port.
Be sure to insert YubiKey because it is included to detect and work with YubiKey at the completion of installation.
Run the downloaded installer.

If the message ““YubiOnPortalClient.pkg” is an application downloaded from the Internet. Are you sure you want to open it?” is displayed, click “Open”.

If it does not open, click “YubiOnPortalClient.pkg” while holding down the Control button and click “Open”.
Click “Continue.”
Read “Important Information” and click “Continue.”
Read the “License Agreement” and click “Continue”.
Click “I agree.”
Click “Install.”
Read the instructions and click “Continue Installation”.
Administrative privileges on the macOS device are required.
Enter your “User Name” and “Password” and click “Install Software”.

After the installation is complete, several pop-ups will appear in addition to the installation complete screen.
Click “Close.”

If the message “Do you want to put the “YubiOn Portal Client” installer in the Trash?” If the message “Do you want to put the installer of “YubiOn Portal Client” in the Trash?

Location and Notification settings

Click “OK” when a pop-up window appears to allow the use of location information.

If the OS is Big Sur, Monterey, or Ventura

Please set up after rebooting as it will be displayed after rebooting.

Open System Preferences > Security and Privacy > Privacy > Location Services.
If “PortalPreloginAgent” is checked, the setting is complete.

If you do not see the above pop-up, such as during reinstallation, check the “PortalPreloginAgent” checkbox after reboot.
Click “Allow” when the notification permission pop-up appears.

If the OS is Big Sur, Monterey, or Ventura

Please set up after rebooting as it will be displayed after rebooting.
Open System Preferences > Notifications > PortalPreloginAgent and if it is set as follows, you are done.
- Allow notification from PortalPreloginAgent” is enabled
- Show notification preview” is checked and “Always” is selected.
  ※For Big Sur, Monterey, and Ventura, “Always” is selected under “Show Preview
If you do not see the above pop-up, for example when reinstalling, please go to System Preferences > Notifications and configure your settings.

Security and Privacy settings

Security and privacy settings are required for each operating system to use the Mac login service.
Please see below for information on security and privacy settings.

Security and Privacy setting items

The following settings are required for security and privacy

Location-based services
Already set up in Location and Notification settings.
Input monitoring
Added “DeviceLocker” and “YubiOnPortalLoginHelper.
Full disk access
Added “PortalPreloginAgent” and “YubiOnPortalLoginHelper”.

A confirmation pop-up for the keystroke will appear.

Receiving keystrokes

The “Receive Keystrokes” pop-up may not appear. If it does not appear, open the System Preferences screen and continue with the settings.

If it does not appear, open the System Preferences screen and continue with the settings.

DeviceLocker” will be added to the input monitoring.

If you do not see the above pop-up, such as during reinstallation, go to System Preferences > Security and Privacy > Input Monitoring.
To change settings, click the “key” icon in the lower left corner of the screen.
Enter your “User Name” and “Password” and click “Unlock” when prompted for administrative privileges.

Input monitoring settings

Click on “Input Monitoring,” then click on “+.”
Select “Macintosh HD.”
Click on Library > PrivilegedHelperTools > YubiOnPortalLoginHelper and click “Open”.
「Check the box to the left of “DeviceLocker.
If “DeviceLocker” is not listed, click the “+” button and add “DeviceLocker” from “Applications”.
When a confirmation message is displayed, click “Do Later.

Full disk access settings

Click on “Full Disk Access.”
Check the checkbox on the left side of “YubiOnPortalLoginHelper”.
Check the box to the left of “PortalPreloginAgent.
If “YubiOnPortalLoginHelper” and “PortalPreloginAgent” are not in the table, click the “+” button and add them from the following location.
Select “Macintosh HD
Click on Library > PrivilegedHelperTools > YubiOnPortalLoginHelper and click “Open”.
When a confirmation message appears, click “Do it later.
After setting the above, check the “Do not display in the future” checkbox and click the “Close” button.

Reflection of settings

Click on the “key” icon in the lower left corner, then click on the “Close” button in the upper left corner.
Restart the terminal.
The settings will not be reflected unless the system is rebooted.Be sure to reboot.
When rebooting, it works fine even if YubiKey is plugged into the device.

After rebooting, please log in to the terminal.

*Setting is not complete at this stage. To set up login using YubiKey, you need to configure the client tool.

If the OS is Big Sur or Monterey

Permission to use location information and notification will be granted after restart.

Please allow the following various pop-ups and change the settings.

Permission to launch “PortalPreloginAgent” application

Permission to use location information
If this pop-up does not allow you to do so, please check your location notification settings and set your permission settings.

Permission to launch “DeviceLocker” application

Allow notification
A notification notice appears in the upper right corner of the screen.
Please check your your location notification settings and allow notifications from the system settings.

That’s it for the Mac login installation.
To enable two-factor authentication for a device, you will need to operate the configuration tool.