Yubikey FIDO U2F supported? Skip to main content
https://support.okta.com/help/answers?id=9062a000000xzzjqag&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Michael MongeauMichael Mongeau 

Yubikey FIDO U2F supported?

Is the Yubikey FIDO U2F security key supported by Okta for use with legacy MFA?

https://www.yubico.com/products/yubikey-hardware/fido-u2f-security-key/

Thanks,

 Michael
 
Mihai BalasaMihai Balasa (Okta, Inc.)
Hello Michael,

The Yubikey MFA option is dependent on the Adaptive MFA feature.

The configuration guide here: https://support.okta.com/help/Documentation/Knowledge_Article/Using-YubiKey-Authentication-in-Okta

Thank you,
Mihai Balasa
Okta, Tier 2 Support
Michael MongeauMichael Mongeau
Are you certain it is dependent on Adaptive MFA?  We do not currently have Adaptive MFA but I can see the YubiKey option under Security / Authentication.

From what I have read Adaptive MFA is just an intelligent analytics engine that can dynamically assign risk and take action based on behavior. I am just looking to use the YubiKey as a second factor for MFA.

 
Michael MongeauMichael Mongeau
You should do your research before posting incorrect information.  My account manager sent me this document showing Okta MFA Features by Product and the Yubikey is supported with Legacy MFA.

User-added image.  

 
Michael MongeauMichael Mongeau

I am answering my own question for the benefit of others who may read this.

The YubiKey FIDO U2F cannot generate one-time passwords so it is not suited for applications that require OTP as a second factor.   They are not recognized by the Yubico Personalization Tool used to generate the seed file to register the keys in Okta.    

The keys can only be used with browsers that support them (currently Chrome and Firefox with a plugin).  The target application or service must also support them.   A list of those services can be found here.

              https://www.yubico.com/solutions/fido-u2f/

Okta currently has early release support for FIDO U2F keys, so they will be supported for browser-based applications in the future.