
JordanL.15958 (Customer) asked a question.
Is it possible for an Okta admin to determine which user(s) a given FIDO2 security key is registered to via serial number?
For example, a user loses their Yubico 5 Series security key and it is returned to the IT helpdesk. One of the organization's Okta admins would like to look up the serial number printed on the Yubikey in the Okta Admin Console and determine which user or users have registered that particular security key so that it may be returned to them.

Hi, @JordanL.15958 (Customer)
Thank you for posting on our Community page!
Here is an useful article on how to enroll the Yubikey for users:
https://help.okta.com/oie/en-us/content/topics/identity-engine/authenticators/configure-webauthn.htm
Additionally, the idea of a report showing tokens is under review (see https://ideas.okta.com/app/#/case/171423?section=requests )
so keep an eye on the roadmap to see if/when it goes live.
https://support.okta.com/help/s/productroadmap
Thank you for reaching out to our Community and have a great day!
Ask the experts about Okta Privileged Access
_____________________________________________________________________________
Community members help others by clicking Like or Select as Best on responses. Try it today.
_____________________________________________________________________________
Thanks @User16594883467582706479 (Customer Support Online Experience) for this information. The Okta Idea you referenced appears to correspond to devices enrolled via Okta Verify, Fastpass, etc. I'm primarily looking for information on FIDO2/WebAuthn authenticators. This can include smartphone devices, but would also include FIDO2 security keys. FIDO2/WebAuthn authenticators do not appear to be within scope of the referenced Okta Idea. Currently I'm not aware of any report that list all security keys registered within an Okta tenant, or assist with matching a security key with a known serial number to the user(s) who registered it.