YubiKey hardware token

Adding the YubiKey as an MFA device for Umu-id

Note: First install the Yubico Authenticator application before reading these instructions.

Open http://aka.ms/mfasetup in a browser

Enter your umu-id@ad.umu.se as the Sign In username

You'll be redirected to the regular Umu-id authentication page

Login as normal

You'll now see a list of your MFA Devices.

Click Add method

It asks you to select an authentication method. Currently only Authenticator app is supported.

Select Authenticator app and click Next

The default is to use the Microsoft Authenticator app on your phone, but we're adding a generic TOTP device

Click I want to use a different authenticator app

Click Next

  1. Start the Yubico Authenticator application on your computer
  2. Plug your YubiKey into a USB port if you've not already done so
  3. Place the Yubico Authenticator window so that it does not cover the QR-code in the browser

Click Add in the app

⚠️ QR-scanning troubleshooting ⚠️

If you covered the QR code, the Yubico Authenticator will prompt you to reposition the window so that the QR code is not covered and to click Scan to make it re-scan the screen for a QR code.

The Yubico Authenticator will scan the QR-code and present Issuer and Account Name, which should be Microsoft and your Umu-id@ad.umu.se respectively.

Important: Ensure that Require Touch is selected.
Click Add in the app

Click Next on the browser page

To verify that you've added the MFA device successfully it now prompts you to enter the OTP code.

Double-click on the @ad.umu.se account in the app

It prompts you to touch the metal part of the YubiKey device to verify that you want to generate an OTP code.

Physically touch the metal part of the YubiKey device to verify that you want to display the OTP code

The OTP code will be displayed in the app, and automatically copied to your clipboard

Paste or type the OTP code in the Enter code field

Click Next

Note: An OTP code is typically valid for about 30 seconds, so if you wait too long between creating the OTP code and using it, it may have expired. If so, double-click in the app again and touch the YubiKey to generate a fresh OTP code.

Success. Your YubiKey is now listed among your MFA devices (the generic Authenticator app in the image).