How to Reassign a YubiKey to Another User
Okta Classic Engine
Multi-Factor Authentication
Okta Identity Engine
Overview

This article provides steps on how to reassign a YubiKey to another user.

Applies To
  • Multi-Factor Authentication (MFA)
  • YubiKey
Solution

To re-assign the YubiKey to another user, please follow the steps below.

 

Classic Tenant

  1. First, an MFA reset is needed for the user who previously had the YubiKey in question assigned.
  2. Locate the Multifactor menu in the Admin Console.
  3. Under Factor Type, select YubiKey.
  4. Under Revoke YubiKey Seed, enter the serial number of the YubiKey that needs to be re-assigned to another user and click on the Find YubiKey button. A prompt to delete the YubiKey should be received.
  5. Click on Delete. This will revoke and delete the key from Okta's database. However, the status will appear UNASSIGNED until the end user enrolls their YubiKey.
  6. If one can locate the serial number in the Report or it shows as Revoke, it means the YubiKey has already been deleted from the database, and a CSV for this YubiKey that contains the serial number, public ID, private ID, and AES key needs to be manually created.
  7. Upload the seed file again, and then it should be possible to re-assign the YubiKey to another user. Please review Enroll a YubiKey for the first time on a desktop browser.

 

Okta Identity Engine (OIE) Tenant

  1. First, an MFA reset is needed for the user who previously had the YubiKey in question assigned.
  2. Locate the Authenticators menu in the Admin Console.
  3. Under Setup, select Actions under YubiKey OTP.
  4. Then choose Revoke YubiKey OTP.
  5. Search for the YubiKey serial number and click Find.
  6. Then select Revoke.
  7. This will revoke and delete the key from Okta's database. However, the status will appear UNASSIGNED (Check YubiKey Report) until the end user enrolls their YubiKey.
  8. If one can locate the serial number in the Report or it shows as Revoke, it means the YubiKey has already been deleted from the database, and a CSV for this YubiKey that contains the serial number, public ID, private ID, and AES key needs to be manually created.
  9. Upload the seed file again, and then it should be possible to re-assign the YubiKey to another user. Please review: Enroll a YubiKey on a desktop browser.
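
A manually created seed file (the CSV described in both the Classic and OIE procedures above) can be checked for typos before it is uploaded. The following is an added example, not Okta's code: the column order and the name `check_seed_rows` are assumptions, the sample rows are constructed, and the field sizes are the standard Yubico OTP ones (modhex public ID, 6-byte private ID, 16-byte AES key).

```python
import csv
import io
import re

MODHEX = re.compile(r"[cbdefghijklnrtuv]+")  # Yubico modhex alphabet
HEX = re.compile(r"[0-9a-fA-F]+")

# Constructed sample rows (not real secrets).
SAMPLE = (
    "1234567,ccccccbcdefg,0123456789ab,000102030405060708090a0b0c0d0e0f\n"
    "1234568,ccccccbcdefz,0123456789ab,000102030405060708090a0b0c0d0e0f\n"
    "1234567,ccccccbcdefh,0123456789ab,0001020304\n"
)

def check_seed_rows(text):
    """Return (line_number, problem) pairs for a seed CSV passed as text.

    Assumed layout: serial number, public ID, private ID, AES key, in that
    order, as the first four fields of each row. Confirm against your file.
    Messages never echo the private ID or AES key.
    """
    problems = []
    seen = set()
    reader = csv.reader(io.StringIO(text))
    for row in reader:
        n = reader.line_num
        if not any(f.strip() for f in row):
            continue  # skip blank lines
        if len(row) < 4:
            problems.append((n, "expected at least 4 fields"))
            continue
        serial, public_id, private_id, aes_key = (f.strip() for f in row[:4])
        if not (serial.isascii() and serial.isdigit()):
            problems.append((n, "serial number is not numeric"))
        elif serial in seen:
            problems.append((n, "duplicate serial number"))
        seen.add(serial)
        # Public ID: modhex, whole bytes, at most 16 bytes (32 characters).
        if not MODHEX.fullmatch(public_id) or len(public_id) % 2 or len(public_id) > 32:
            problems.append((n, "public ID is not valid modhex"))
        if not HEX.fullmatch(private_id) or len(private_id) != 12:
            problems.append((n, "private ID must be 12 hex characters"))
        if not HEX.fullmatch(aes_key) or len(aes_key) != 32:
            problems.append((n, "AES key must be 32 hex characters"))
    return problems

if __name__ == "__main__":
    for line, problem in check_seed_rows(SAMPLE):
        print(f"line {line}: {problem}")
```

The seed file holds the AES key for each token, so keep it off shared storage and delete it once the upload succeeds.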

 
