How to add a WebAuthn security key to Duo MFA?

Body

Overview

Sample U2F tokensWebAuthn tokens are physical hardware devices which can be used to complete multifactor authentication (MFA) and usually connect to your computer via a USB port but some use Bluetooth or NFC. Common WebAuthn tokens include those from Yubico (YubiKey), Fetian, and Google Titan.

Note: it is also possible to use "Platform Authenticators" in place a physical security key. Information on enrolling Platform Authenticators, like Touch ID or Windows Hello, is available here: https://guide.duo.com/universal-prompt#platform-authenticators

 

Recommended Brand

Yubico YubiKeys are recommended and a comparison of products can be found here: https://www.yubico.com/store/compare/

The "Security Key Series" is the least expensive and provides the minimum functionality for use with Duo. It will work in most cases but will not work with the VPN and some other uncommon scenarios.

 

Duo Guide

A guide from Duo for enrolling Security Keys with the Duo Universal Prompt is available here: https://guide.duo.com/universal-prompt#add-security-key

 

Enrollment Process

Step 1

Open one of Chrome, Firefox, Safari, or the new Microsoft Edge browser and navigate to https://help.uidaho.edu/duo. If you are already logged in to MyUI or OWA, you likely won't have to enter your username and password and can skip to Step 2. If you are prompted for username and password, follow these steps:

 

Step A

Enter your username if prompted.

Login page enter username

 

Step B

Enter your password if prompted.

Password prompt to complete login

 

Step C

Complete Duo authentication using one of your current methods.

Complete Duo Authentication

 

Step 2

Complete Duo authentication. Note you will be prompted for Duo at this point even if you just did Duo in step 1.

Complete Duo to access your devices and settings

 

Step 3

Click "Add another device".

Duo prompt - click add new device

 

Step 4

Select "Security Key" and click "Continue".

Add Duo U2F token

 

Step 5

Click "Continue".

Prompt warning

 

Step 6

Plug your WebAuthn/U2F token into your computer if you haven't already.

Prompt to insert key

 

Step 7

Tap the key when prompted:

Touch key to continue

 

Note if you are using a Safeguard encrypted computer you may see a prompt for username and password. To get around this, click "More Choices" and then the person silhouette icon. Once you do this you should see the "Touch your security key" prompt shown above.

Expanded more choices

 

Step 8

The token has been added to your account and shows in the list of options.

Key added to Duo

 

 

 

Related Articles

Related Articles (3)