| | 65 | |
| | 66 | === Use !YubiKey for 2FA === |
| | 67 | |
| | 68 | 1. Obtain a !YubiKey supporting OTP in form factor that works for you: |
| | 69 | https://www.yubico.com/products/yubikey-hardware/ |
| | 70 | |
| | 71 | 2. Download the !YubiKey Personalization Tool: |
| | 72 | https://www.yubico.com/support/knowledge-base/categories/articles/yubikey-personalization-tools/ |
| | 73 | |
| | 74 | 3. Configure your !ubiKey for OTP in one of its two (virtual) slots* (generally shipped already programmed for OTP in slot 1) using the Duo guide: |
| | 75 | https://duo.com/docs/yubikey |
| | 76 | |
| | 77 | 4. Send the CSV string with digital serial no, 6 byte private id, 16 bit secret key (like this:) |
| | 78 | {{{4475749, e7 fe 84 57 55 d4, 81 84 65 01 22 db e5 00 57 f9 68 92 7f 22 4b 6a}}} [[BR]] |
| | 79 | to IAM or Security, noting your UA Username, which is the Duo account to which the token will be attached. |
| | 80 | |
| | 81 | 5. IAM or Security will upload the CSV string to import your token, and assign it to your ID at Duo[[BR]] |
| | 82 | 6. When integrated (step 5), you can use the YubiKey to send the second factor passcode |
| | 83 | |
| | 84 | 6.1 for web logins using Chrome browser, touch the key when presented with the second factor dialog box; |
| | 85 | there is a tell-tale message in blue banner in the pane: |
| | 86 | image.png |
| | 87 | |
| | 88 | 6.2 for VPN login: |
| | 89 | In the password field type your password followed by comma then touch your key*; that is, |
| | 90 | |
| | 91 | {{{password,}}} |
| | 92 | then touch your key, which enters a one-time passcode. |
| | 93 | |
| | 94 | *Which of the !YubiKey's two (virtual) slots is used is determined by the duration of your touch. The first slot is used to generate the output when the YubiKey button is touched between 0.3 to 1.5 seconds and released and the second slot is used if the button is touched between 2 to 5 seconds. |
| | 95 | |
| | 96 | |
| | 97 | |
| | 98 | |
