Body
This service is for faculty, staff, and students.
We now support the use of Yubikey 5 NFC security keys with St. Thomas accounts for meeting the requirement for MFA. This enables people without cell phones to use MFA. Currently, only the physical key paired with the Yubico Authenticator App (found in the Microsoft or Apple App Store) will work with our accounts. The key can be purchased through Yubico or Amazon.
- Yubico Website
- Amazon.com
Please NOTE:
- ONLY the specific Yubikey options above will work with your St. Thomas account. No other Yubikey products or other types of security tokens are currently supported on St. Thomas accounts.
- You should confirm the type of USB port on your device before ordering - both USB A and USB C keys are also available using the links above and the directions below will work for either.
Faculty and Staff - Decisions to cover the cost of this device are up to the individual department. Please check with your supervisor for any questions related to purchasing. If approved by your supervisor/department, you can request either a USB-A or USB-C Yubikey be purchased and charged to your department index by filling out this form.
Getting familiar with your Yubikey
The Yubikey 5 NFC is a FIDO2 security token that you can use to secure both your St. Thomas digital accounts and your personal accounts. You can read more about FIDO2 here. The Yubikey functions in a couple of different ways, however currently we support the COMBINATION of the key itself and the Yubico Authenticator App (which unlike other apps can be installed on your computer as well as a mobile device). ONLY the specific Yubikey options above will work with your St. Thomas account. No other Yubikey products or other types of security tokens are currently supported on St. Thomas accounts.
When you first open your Yubikey, you'll notice there isn't much to it. And once we get the app installed, it is pretty easy to use. So let's get started:
As mentioned earlier in this article, depending on the USB ports on your computer, you will have either a USB A (shown here) or a USB C connector. You will also notice a gold circle on the body of the key - this is a touch pad or sensor. In the most secure mode, you are required to physically touch the key to authenticate (we recommend this). Insert the Yubikey into a USB port on your machine. You may be prompted to configure the key and add a PIN. You can do that if you wish, however it will not be necessary for our multifactor authentication.
You are now ready to download and install the Yubico App.
Installing the Yubico Authenticator App
NOTE - It is important on all computers that they be on a current and updated version of their Operating System. Outdated systems will not be able to run the Yubico app.
Windows Computers
Personal Computer or UST Windows Computer
1. Find the Microsoft Store on your computer.
- The easiest way to do this is the type the word "Store" in the search bar on the lower left side of your primary screen.
2. Once you are in the Store, you can search for "Yubico" or "Yubikey".
3. In the search results, you should see something like this:
4. Click on this to get more details, as well as the option to Install. Go ahead and install it, following any prompts.
Apple/Mac Computer
Personal Computer
1. Open the Apple app store on your computer
2. Once you are in the Store, you can search for "Yubico" or "Yubikey".
3. In the search results, you should see something like this:
4. Click install
UST Computer
1. Open the Self Service app on your computer
2. Once you are in the Self Service app, you can search for "Yubico" or "Yubikey".
3. In the search results, locate and click on the Yubico app, and then click Install
Linking Yubikey with your St. Thomas Account
Here's where things could get a little tricky. The set up requires you to keep two windows open and perform tasks in both the Yubikey Authenticator App and your St. Thomas Account Security Info. Don't worry though - just proceed carefully through the steps below and make sure you read any prompt you see thoroughly.
1. During first time setup, you will usually be automatically directed into setup
- To get there manually go to the UST MFA Set Up Page and log in with your St. Thomas username & password. (Note: be sure to enter your full username@stthomas.edu. For example: john1234@stthomas.edu)
2. After logging in with your St. Thomas username & password you should receive the below "More information required" message, then click next.
3. In this window choose "I want to use a different authenticator app".
4. Open the Yubikey app (you will need to keep the browser window open as well, as you will need to sync some information between the two windows) and select "Add Account" and then "Add Manually" as shown below. Then in the browser window click next.
5. In the Yubico app, you will then see a dialog box asking for information you don't know yet - the Account Name and Secret key. That's OK - we are going to get that now. In your browser window, you should now see a screen instructing you to "Scan the QR code" and showing you a QR code. Under the QR code click on the "Can't scan image?" button.
6. In the browser window, you should now see an Account Name and Secret Key, with Copy to Clipboard icons next to each. Copy each into your Yubico App in the correct fields and put a name that you recognize and associate with your St. Thomas account into the Issuer field. UST works well, but you can call it anything you'd like. Then, click "add account" in the Yubico app and in the browser window click next.
7. You will now be prompted to do a test MFA to ensure it is working. The browser window should be requesting a security code or token. The combination of your Yubico app and your Yubikey will generate this. Make sure your key is still in your USB drive and go back to your Yubico App. You should see something like this:
8. DOUBLE CLICK the account in the Yubico app. You will then see a prompt to TOUCH your Yubikey. Press your finger on the gold circle on your Yubikey while it is still plugged into the USB port (don't remove it). After a second, you should see a 6 digit code displayed, along with a copy to clipboard icon. Copy and paste this in your Microsoft Account browser window where you were prompted for a code.
And that's it! You can now use your Yubikey to generate a code whenever you are prompted for multifactor authentication by following this final step!
To report a problem or receive additional troubleshooting, please contact the
Tech Desk.