This article describes the process for setting up your security key (Yubikey) for use with completing MFA prompts with your SU account.
Add the user to SecurityKeyUsers group, so they can actually self-register a security key. This is only necessary until we roll out FIDO2 security keys enrollment for all users.
Navigate to https://myaccount.microsoft.com and click on “Security Info” in the left sidebar or click on “Update Info” under the Security Info section.
Select “Add sign-in method”.
In the drop down list, select the “Security Key” option.
Next, select the “USB device” option.
Then, you will need to insert your security key into a USB port on your computer. Insert the security key and click “Next”.
A series of prompts will display on the screen asking to setup the key with a PIN number and a name for the key.
When asked “Choose where to save this passkey”, select the “Security key” option.
On the “Security key setup” popup, select “OK”.
On the “Continue setup” popup, select “OK”.
Next, enter a PIN to use to use with the security key. You will need to remember this PIN when you use it to authenticate into your account in the future.
Enter a name for your security key, such as “SU Security Key”. It is to help determine which key it is when viewing your security settings.
Once the security key is configured you will be asked to touch the security key.
If the configuration was successful, then you will get a message that you are all set. Click the “Done” button.
The next time you login into your SU account, select “Other ways to sign in”.
Then, select “Face, fingerprint, PIN or security key”. On the next popup, select “Security key” and click “Next”.
Type in your PIN and touch your security key, and you should be able to login now. The login prompt should default to your security key first from this point forward on the device you are currently using.