
AustinL.70967 (Customer) asked a question.
Hello,
We have recently purchased a Security Key C NFC by Yubico in order to use it as a method for FIDO authentication. I made an authenticator group to only allow this key to be used in FIDO2 factor enrollment. When testing, a user cannot set up the security key as it states that the organization does not allow this authenticator. When manually assigning the key to the user using admin, it shows the name of the key, meaning that it recognizes it. For testing purposes, I put all Yubico keys in the authenticator group and it still won't let the user set up the key.

Hello @AustinL.70967 (Customer), thank you for reaching out to our Community!
If you receive that, it would indicate that the enrolment policy might not be set up correctly. We also recommend reviewing the system log to see what policy that test user is hitting and adjusting the policy.
Please see our enrolment policy and FIDO2 doc below:
https://help.okta.com/en-us/Content/Topics/Security/policies/configure-mfa-policies.htm
https://help.okta.com/oie/en-us/Content/Topics/identity-engine/authenticators/configure-webauthn.htm
I believe that the enrollment policy is set up correctly. If I change the enrollment policy for FIDO2 to "Any WebAuthn Authenticators", then the user is able to enroll themselves using the key. It only errors out when trying to use the option "Authenticators from selected group list" and putting the YubiKey in the assigned Authenticator group. Nothing shows up on the system log when it errors out.
Any update on this? I am having the same issue with YubiKey 5 NFC. @AustinL.70967 (Customer), were you able to fix this issue? If so, please let me know how.