Yubikey hardware token

Adding the YubiKey as an MFA method for Umu-id

Note: First install the Yubico Authenticator application before reading these instructions

Open http://aka.ms/mfasetup in a browser

Enter your umu-id@ad.umu.se as the Sign In username

You'll be redirected to the regular Umu-id authentication page

Login as normal

You'll now see a list of your MFA Devices.

Click Add method

You are asked to select an authentication method; currently only Authenticator app is supported

Select Authenticator app and click Next

The default is to use the Microsoft Authenticator app on your phone, but we're adding a generic TOTP device

Click I want to use a different authenticator app

 

Click Next

  1. Start the Yubico Authenticator application on your computer
  2. Plug your YubiKey into a USB port if you have not already done so
  3. Place the Yubico Authenticator window so that it does not cover the QR-code in the browser

Open the app by searching for Yubico Authenticator in Apple Spotlight (⌘+Space)

 

Change view by clicking on the Menu-button (☰) in the top left corner

 

In the Menu select Authenticator

 

In the top right corner, click the Options-button (⋮), and select Scan QR-code

 

Click Open System Preferences or navigate to Preferences->Security & Privacy->Privacy->Screen Recording

 

Click the lock and enter your password when prompted.

 

Click the box next to Yubico Authenticator

 

Press Quit & Reopen to re-launch Yubico Authenticator with the new system permissions

 

Navigate back to the Scan QR code mode in the app

Click Scan QR code in the menu, with the QR-code in the browser visible on the screen

 

⚠️ QR-scanning troubleshooting ⚠️

If you covered the QR-code, the Yubico Authenticator will prompt you to reposition the window so that the QR-code is not covered. Click Try again to make it re-scan the screen for a QR-code.

The Yubico Authenticator will scan the QR-code and present Issuer and Account Name, which should be Microsoft and your Umu-id@ad.umu.se respectively.

 

Important: Ensure that Require touch is selected.
Click Add account in the app

 

Click Next on the browser page

To verify that you've added the MFA device successfully it now prompts you to enter the OTP code.

Double-click on the @ad.umu.se account in the app

It prompts you to touch the metal part of the Yubikey device to verify that you want to generate an OTP code.

Physically touch the metal part of the yubikey device to verify that you want to display the OTP code

The OTP code will be displayed in the app, and automatically copied to your clipboard

Paste or type the OTP code in the Enter code field

 

Click Next

Note: An OTP-code is typically valid for about 30 seconds. If you wait too long between creating the OTP-code and using it, it may have expired. If so, double-click in the app again and touch the yubikey to generate a fresh OTP-code

Success. Your yubikey is now listed among your MFA devices (The generic Authenticator app in the image).
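
The Issuer and Account Name check and the note on code expiry above, as an added example that is not part of the original instructions or of Yubico's or Microsoft's code. It assumes the QR-code carries a standard `otpauth://` key URI with the TOTP defaults (HMAC-SHA1, 6 digits, 30-second step); the sample URI is constructed and uses the published RFC 6238 test key, and the strict verifier is a simplification.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlparse, parse_qs, unquote

# Constructed sample of the otpauth:// key URI an enrollment QR-code carries.
# The secret is the published RFC 6238 test key in Base32, not a real one.
SAMPLE_URI = ("otpauth://totp/Microsoft:umu-id%40ad.umu.se"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Microsoft")

def parse_otpauth(uri):
    """Return the fields the authenticator shows before you click Add account."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP key URI")
    label_issuer, _, account = unquote(u.path.lstrip("/")).rpartition(":")
    q = parse_qs(u.query)
    secret = q["secret"][0].upper()
    secret += "=" * (-len(secret) % 8)          # restore stripped Base32 padding
    return {"issuer": q.get("issuer", [label_issuer])[0],
            "account": account,
            "key": base64.b32decode(secret),
            "period": int(q.get("period", ["30"])[0])}

def totp(key, unix_time, period=30, digits=6):
    """RFC 6238 code: HOTP (RFC 4226) over the number of elapsed time steps."""
    counter = struct.pack(">Q", int(unix_time) // period)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                     # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def seconds_left(unix_time, period=30):
    """Seconds until the current code is replaced by the next one."""
    return period - int(unix_time) % period

def verify(key, code, unix_time, period=30):
    # Assumption: strict verifier that accepts only the current time step.
    # Real services may also accept a neighbouring step to absorb clock drift.
    return hmac.compare_digest(code, totp(key, unix_time, period))

if __name__ == "__main__":
    acct = parse_otpauth(SAMPLE_URI)
    print("Issuer:", acct["issuer"], "| Account:", acct["account"])
    code = totp(acct["key"], 59)                # generated 1 s before the step ends
    print("code", code, "expires in", seconds_left(59), "s")
    print("accepted at t=59:", verify(acct["key"], code, 59))
    print("accepted at t=60:", verify(acct["key"], code, 60))
```

A code is tied to the 30-second step it was generated in, not to the moment you touched the key, so a code generated late in a step can expire within a second or two.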