---
title: Configuring YubiKey authentication (Yubico OTP) for PingID
description: The YubiKey is a hard token that acts as a hardware authenticator. By combining PingID and YubiKey, an enterprise gives their users an additional, secure form of strong authentication.
component: pingid
page_id: pingid:pingid_service_management:pid_configuring_yubikey_authentication_yubico_otp
canonical_url: http://docs.pingidentity.com/pingid/pingid_service_management/pid_configuring_yubikey_authentication_yubico_otp.html
revdate: July 9, 2024
section_ids:
  configuring-yubikey-authentication: Configuring YubiKey authentication
  steps: Steps
  result: Result
---

# Configuring YubiKey authentication (Yubico OTP) for PingID

The YubiKey is a hard token that acts as a hardware authenticator. By combining PingID and YubiKey, an enterprise gives their users an additional, secure form of strong authentication.

YubiKeys can be paired for either:

* Yubico OTP authentication

* Security Key FIDO2/U2F authentication

|   |                                                                                                                                                                                                                                                     |
| - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | If you have a YubiKey that is FIDO2 compliant, to take advantage of FIDO2 capabilities, pair the device as a security key. For more information, see [(Legacy) Configuring the FIDO2 security key for PingID](configuring_fido2_security_key.html). |

A YubiKey hardware authenticator can be used in sensitive environments or for users working in environment with limited device or phone access, such as hospitals, financial institutions, or federal buildings.

The YubiKey hardware gives your enterprise a variety of form factors to allow the user to authenticate combined with the contextual awareness of PingID. YubiKey doesn't require a battery or network connectivity, so it's always on and accessible for MFA.

When YubiKey authentication is enabled, the user registers their personal YubiKey and pairs it with their PingID account. This creates a trust between the YubiKey and the user's account so they can use the YubiKey to authenticate during the sign on process.

For information about the user experience, see the [PingID End User Guide](http://docs.pingidentity.com/pingid-user-guide/).

|   |                                                                                                                                        |
| - | -------------------------------------------------------------------------------------------------------------------------------------- |
|   | To find the YubiKey models that support Yubico OTP, see the [YubiKey products page](https://www.yubico.com/products/yubikey-hardware). |

## Configuring YubiKey authentication

### Steps

1. In the admin console, go to **Setup → PingID → Configuration**.

2. Go to the **Alternate Authentication Methods** section.

   ![A screen capture of the Alternate Authentication Methods section.](_images/vkb1564020562147.png)

3. In the **Enable** column, select the **YubiKey** check box.

4. Click **Save**.

### Result

Users can now pair and authenticate with their YubiKeys.