A YubiKey is a security key used as a physical Multi-Factor Authentication (MFA) device. Each serial number is unique, and when it is assigned to one user who is no longer active, that particular serial number might appear with a block status in the system log or YubiKey report.

This article presents the steps that might solve the issue of a blocked YubiKey. 

• Multi-Factor Authentication (MFA)

The user for whom the YubiKey was assigned is no longer active, or it was deprovisioned. 

To solve the blocked YubiKey issue:

1. Revoke the blocked YubiKey: 

Okta Identity Engine (OIE)	Okta Classic Engine
In the Admin Console, go to Security > Authenticators > Setup tab. Under YubiKey, go to Actions > select Revoke YubiKey OTP > enter the YubiKey Serial Number > Find.  Then click Revoke. The confirmation message appears. Click Done.	In the Admin Console: Go to > Security > Multifactor >  Factor Types tab. Enter the serial number into the Revoke YubiKey Seed field and click Find YubiKey. Information about the YubiKey appears. Click Delete. The confirmation message appears. Click Done.

2. Re-enroll it: re-upload the seed file into the Upload YoubiKey Seed File section by clicking the Browse button and selecting the relevant seed file. Once the file is selected and uploaded, press the Add button in the bottom right corner.  
   
   Optional Step: After the blocked YubiKey was revoked and before re-uploading it, it might be necessary to reprogram the seed file, so please consult the Programming YubiKeys for Okta Adaptive MFA documentation.
    

Related References

• YubiKey (MFA)  
• Configure the YubiKey OTP authenticator
• Okta and YubiKeys