Since the YubiKey does not contain a battery it cannot track time and will require software to generate OATH-TOTP codes. Yubico provides Yubico Authenticator for all major platforms (Windows, MacOS, Android, and iOS) to display the one time passcodes generated on the YubiKey.
Select Security Info in the left navigation or Update Info in the Security Info tile.
Select Add Method.
Select Authenticator app.
Make sure to select “I want to use a different authenticator app”.
You will now see a QR code displayed on the screen.
Insert your YubiKey and open Yubico Authenticator. Select Add or click on the three vertical dots in the top right corner. If the QR Code is visible, it will automatically fill in the fields required.
Double-click the Microsoft entry to copy the code to your clipboard. If successful, the message displays Code copied to clipboard.
Note: if you selected Require Touch in the previous step you must touch your YubiKey to copy the code.
Back in your internet browser window paste the code in the box and click Next.
You have now successfully registered your YubiKey to your account!
Use a YubiKey to sign in
It is simple to use your YubiKey as an OATH token to sign in to a Microsoft site, or site that has been federated to Azure AD. Generating the YubiKey OTP code to sign in can be done on any device where the Yubico Authenticator is installed (Linux, MacOS, Microsoft Windows, Android, and iOS).
Before you begin
Your YubiKey will need to be registered to your Azure AD account.
If one does not click I want to use a different authenticator app when setting up TOTP MFA via self-service, the QR code produced will only be readable by Microsoft Authenticator. When trying to scan such a QR code, Yubico Authenticator for desktop will indicate that no QR code is visible on screen (No QR code found on screen), Yubico Authenticator for iOS version will produce the error Error occurred - Invalid URI format, and Yubico Authenticator for Android, The scanned barcode is invalid.
Another OATH token cannot be added.
Microsoft specifies that up to five MFA tokens can be associated with one account. The limit applies to hardware and software OATH-TOTP implementation including Microsoft Authenticator apps. For example, you can associate three YubiKeys, one Microsoft Authenticator app, and a phone number to an individual account if no other OATH token is being used.
If you have questions about using your Yubikey for Microsoft MFA, please contact the ITS Service Center at ITS.ServiceCenter@fredonia.edu or (716) 673-3407.