MFA: Yubikey Purchase Links and Setup Instructions

Summary

Step by step guide to setting up a Yubikey 5 NFC to work with St. Thomas MFA.

Body

This service is for faculty, staff, and students.

We now support the use of Yubikey 5 NFC security keys with St. Thomas accounts for meeting the requirement for MFA. This enables people without cell phones to use MFA. Currently, only the physical key paired with the Yubico Authenticator App (found in the Microsoft or Apple App Store) will work with our accounts. The key can be purchased through Yubico or Amazon. 

Please NOTE: 

  • ONLY the specific Yubikey options above will work with your St. Thomas account. No other Yubikey products or other types of security tokens are currently supported on St. Thomas accounts.
  • You should confirm the type of USB port on your device before ordering - both USB A and USB C keys are also available using the links above and the directions below will work for either.  

Faculty and Staff - Decisions to cover the cost of this device are up to the individual department. Please check with your supervisor for any questions related to purchasing. If approved by your supervisor/department, you can request either a USB-A or USB-C Yubikey be purchased and charged to your department index by filling out this form.

Getting familiar with your Yubikey

The Yubikey 5 NFC is a FIDO2 security token that you can use to secure both your St. Thomas digital accounts and your personal accounts.  You can read more about FIDO2 here.  The Yubikey functions in a couple of different ways, however currently we support the COMBINATION of the key itself and the Yubico Authenticator App (which unlike other apps can be installed on your computer as well as a mobile device). ONLY the specific Yubikey options above will work with your St. Thomas account. No other Yubikey products or other types of security tokens are currently supported on St. Thomas accounts.

When you first open your Yubikey, you'll notice there isn't much to it.  And once we get the app installed, it is pretty easy to use. So let's get started:

A black Yubi Key with a red arrow pointing to the touch pad, located in the middle of the Yubi Key. There is another red arrow pointing to the USB Connector located on the tongue of the Yubi Key. 

As mentioned earlier in this article, depending on the USB ports on your computer, you will have either a USB A (shown here) or a USB C connector.  You will also notice a gold circle on the body of the key - this is a touch pad or sensor.  In the most secure mode, you are required to physically touch the key to authenticate (we recommend this).  Insert the Yubikey into a USB port on your machine.  You may be prompted to configure the key and add a PIN.  You can do that if you wish, however it will not be necessary for our multifactor authentication.

You are now ready to download and install the Yubico App.

Installing the Yubico Authenticator App

NOTE - It is important on all computers that they be on a current and updated version of their Operating System. Outdated systems will not be able to run the Yubico app.

Windows Computers

Personal Computer or UST Windows Computer

1. Find the Microsoft Store on your computer. 

  • The easiest way to do this is the type the word "Store" in the search bar on the lower left side of your primary screen. 

2. Once you are in the Store, you can search for "Yubico" or "Yubikey". 

3. In the search results, you should see something like this:

Yubico Authenticator application download page. The application has a 4.1 star rating and a purple bar with the text "Open" inside of it.

4. Click on this to get more details, as well as the option to Install.  Go ahead and install it, following any prompts.

 

Apple/Mac Computer

 

Personal Computer

1. Open the Apple app store on your computer

2. Once you are in the Store, you can search for "Yubico" or "Yubikey". 

3. In the search results, you should see something like this:

Yubico Authenticator application download page. The application has a 4.1 star rating and a purple bar with the text "Open" inside of it.

4. Click install

UST Computer

1. Open the Self Service app on your computer

2. Once you are in the Self Service app, you can search for "Yubico" or "Yubikey". 

3. In the search results, locate and click on the Yubico app, and then click Install

Linking Yubikey with your St. Thomas Account

Here's where things could get a little tricky.  The set up requires you to keep two windows open and perform tasks in both the Yubikey Authenticator App and your St. Thomas Account Security Info.  Don't worry though - just proceed carefully through the steps below and make sure you read any prompt you see thoroughly.

1. During first time setup, you will usually be automatically directed into setup

  • To get there manually go to the UST MFA Set Up Page and log in with your St. Thomas username & password. (Note: be sure to enter your full username@stthomas.edu. For example: john1234@stthomas.edu)

2. After logging in with your St. Thomas username & password you should receive the below "More information required" message, then click next.

Windows St thomas page presented after logging in with username and password advising that multifactor authentication needs to be set up.

3. In this window choose "I want to use a different authenticator app".

Windows St Thomas multifactor authentication page. A red oval surrounds the text "I want to use a different authenticator app".

4. Open the Yubikey app (you will need to keep the browser window open as well, as you will need to sync some information between the two windows) and select "Add Account" and then "Add Manually" as shown below. Then in the browser window click next.

Inside the Yubico Authenticator app, a red oval surrounds the text "Add Account".

Steps required to add new Yubi Key authenticator manually. A red oval surrounds the text "Add manually".  

Windows St thomas multifactor authentication page. Authenticator app set up your account. Advises to add new account in the app and select next with download link and next button.

5. In the Yubico app, you will then see a dialog box asking for information you don't know yet - the Account Name and Secret key.  That's OK - we are going to get that now. In your browser window, you should now see a screen instructing you to "Scan the QR code" and showing you a QR code. Under the QR code click on the "Can't scan image?" button.

Default Yubi Key setup page for adding a new account. Includes 3 text boxes to input information about your Yubi Key.

 

Microsoft Authenticator setup page instructing users to scan a QR code with the Microsoft Authenticator app. The button for "Can't scan image?" is inside a red oval. The "Back," and "Next" buttons are visible on the right side of the image.

6. In the browser window, you should now see an Account Name and Secret Key, with Copy to Clipboard icons next to each. Copy each into your Yubico App in the correct fields and put a name that you recognize and associate with your St. Thomas account into the Issuer field.  UST works well, but you can call it anything you'd like. Then, click "add account" in the Yubico app and in the browser window click next.

Yubi Key setup page for adding a new account. Red box containing the text "UST" is inside the top "Issuer" box.  "Account Name" and "Secret Key" fields contain a red oval around each.

 

Microsoft Authenticator setup page instructing users to scan a QR code with the Microsoft Authenticator app. Below the QR code, new text has been added and are circled by red ovals. The new circled text contains your "Account Name" and "Secret Keys".

7. You will now be prompted to do a test MFA to ensure it is working. The browser window should be requesting a security code or token. The combination of your Yubico app and your Yubikey will generate this. Make sure your key is still in your USB drive and go back to your Yubico App. You should see something like this:

Inside the Yubi Key application a new Yubi Key is now visible. A red circle with the number 1 inside is pointing to the account "UST" with the text "Double Click". To the right of the red circle '1' there is another red circle '2'. This circle has arrows that point to locations where a number will populate. The text below '2' reads "Number Available here after touching the Yubikey."

 

 

Screenshot of the Yubi Key authentication prompt. "Touch Required. Touch the button on your YubiKey now".

8. DOUBLE CLICK the account in the Yubico app. You will then see a prompt to TOUCH your Yubikey. Press your finger on the gold circle on your Yubikey while it is still plugged into the USB port (don't remove it). After a second, you should see a 6 digit code displayed, along with a copy to clipboard icon. Copy and paste this in your Microsoft Account browser window where you were prompted for a code.

And that's it!  You can now use your Yubikey to generate a code whenever you are prompted for multifactor authentication by following this final step!

 

To report a problem or receive additional troubleshooting, please contact the Tech Desk

Details

Details

Article ID: 144804
Created
Thu 7/7/22 11:33 AM
Modified
Thu 8/8/24 5:00 PM

Related Articles

Related Articles (3)

New to St. Thomas? Here are instructions to setup multi-factor authentication on your St. Thomas account.

Related Services / Offerings

Related Services / Offerings (1)