Skip to main content

Provision YubiKey OATH HOTP device (Self-service)

Intended audiences: End users

As an end user, you can provision a YubiKey OATH HOTP device on the Self-service page.

The process explained in this topic might vary, depending your organization's settings.

Prerequisites

  • Programmed HOTP YubiKey device from your organization administrator

  • Device ID – Provided by your administrator. This is stamped on the YubiKey device and obtained from the configuration log (PSKC) file under <SerialNo>

  • Secret key – Provided by your administrator. This is the secret key for the associated YubiKey device in the configuration log file (PSKC) file under <Secret><PlainValue>

Provisioning HOTP YubiKey on Self-service page

Follow these steps to add and provision a YubiKey OATH HOTP device for yourself.

  1. Open the Self-service page.

    yubikey_hotp_self-service_002.png

  2. Enter your login credentials and authenticate to the Self-service page.

  3. On your Self-service account page, in the OTP Devices section, click Assign a Device.

    yubikey_hotp_self-service_003.png

  4. In the Add OATH Device dialog, enter the following information.

    yubikey_hotp_self-service_004.png

    Device ID

    The device ID provided by your administrator.

    This is stamped on the YubiKey device and obtained from the configuration log (PSKC) file under <SerialNo>.

    Secret Key

    The secret key provided by your administrator.

    This is the secret key for the associated YubiKey device in the configuration log file (PSKC) file under <Secret><PlainValue>

    Note

    If there is more than one entry in the configuration log (PSKC) file, be sure to use the latest plain value saved for this YubiKey device.

    Counter

    Set the counter to 0 (zero).

  5. Click Add Device.

    The YubiKey OATH HOTP device displays on the Self-service page with the associated device ID, and the date and time it was added to your account.

    yubikey_hotp_self-service_005.png

Use HOTP YubiKey as an authentication method

After provisioning your HOTP YubiKey device, you can use it as an authentication method when logging in to an application.

  1. Begin your log in to an application.

  2. From the list of MFA methods, select OATH Token - HOTP device and click Submit.

    Self_provisioning_HOTP_YubiKeys_experience_8.png

  3. On the Enter Passcode dialog, insert the YubiKey in your machine and touch the YubiKey to generate a passcode. Click Submit.

    Self_provisioning_HOTP_YubiKeys_experience_9.png

  4. If the passcode is valid, you are logged in to your application.

In this section: