Enroll a YubiKey hardware token for use with Duo

Tags PK18

Issue/Question

  • How do I enroll a YubiKey hardware token for use with Duo?
  • I want to set up and enroll a hardware token for use with Duo Security
  • I want to use my YubiKey to authenticate throught VPN

Scope

  • On 19 December 2018, Duo Security was implemented as the system-wide, two-factor authentication security application used at Miami University
  • This policy affects all current Miami University students, faculty, and staff
    • Miami's alumni, retiree, and emeriti populations are not required to enroll in Duo and will continue to use their Miami password
  • Answers for frequently asked questions about Duo Security

User

  • All current Miami University Students, Faculty, and Staff

Environment

  • 312306: Duo Security Two-factor Authentication
  • YubiKey 4 or 5 Series Security Key
    • YubiKey hardware token, Yubi
    • U2F hardware device
    • U2F authenticator
    • U2F security token
  • Chrome

Rationale

  • Two-factor authentication adds a second layer of security to your Miami account. It allows you to verify your identity using a second factor — your smartphone or other mobile device, U2F device, or landline — and prevents anyone else from logging in to your account
  • MUIT recommends and supports the use of a YubiKey hardware device for U2F authentication with Duo

Resolution 

  1. In your Chrome browser, go to the Yubico site to start the YubiKey personalization tool
  2. Insert the YubiKey into the USB port of your device and wait for it to be recognized by the tool
  3. Click Yubico OTP mode
  4. Click Quick
  5. Select configuration slot 1
    • Select slot 2, if slot 1 has already been configured for another use
  6. Click Regenerate
  7. Clear the Hide values check box and take note of the serial number (in decimal), Private Identity, and Secret Key
  8. Click Write Configuration 
    • It may be necessary to confirm yes to overwrite and supply a logfile name and destination. Overwriting will not affect the YubiKey's use in U2F mode (when using the YubiKey for authenticating through a web browser), but could overwrite a previous configuration for OTP mode. f you currently use your YubiKey in OTP mode for some other purpose and don't want to overwrite that configuration, you should select a different slot than that selected in step 5 above
  9. Log in to the Duo Self Service Portal — here's how
  10. Click Add a new device
  11. Select U2F
    • A pop-up will prompt you to touch the YubiKey
  12. Click Continue to Login
  13. You will be prompted once more to touch the YubiKey to complete the authentication
  • Important Note: If you intend to use a Yubikey when authenticating with Duo to VPN, you must have the YubiKey configured by a Duo Administrator in the Duo Admin console. To make this request, email IT Help at ITHelp@MiamioOH.edu and ask for your YubiKey token to be configured for use with VPN. IT Services will call you back and ask for three pieces of information about your YubiKey — the serial number, private identity and secret key — which you will find in the YubiKey personalization tool

 

Notes

 

Was this helpful?
0 reviews

Details

Article ID: 60340
Created
Tue 8/14/18 12:33 PM
Modified
Tue 9/3/19 10:59 AM
Can you resolve this issue yourself?
Yes! This is self-service with a smile.