PingID End User Guide

Using a YubiKey (OTP) for authentication with PingID

You can use a YubiKey for secure authentication with PingID. To set up your YubiKey, you need to register or 'pair' it with your account.

The option to pair your account with this device type is defined by your company policy.

Before you can start using your YubiKey to authenticate, you need to register or 'pair' it with your account. Pairing creates a trust between the YubiKey and your account so that you can use the YubiKey to authenticate during the sign-on process.

You can use a YubiKey to access your account using a web browser, to access your company’s VPN, or to access a Windows login or Mac login machine. For Mac login, you must register your YubiKey through the web to use it to access your Mac Login machine.

  • This section details how to use your YubiKey OTP for authentication with PingID. It is also possible to pair some types of YubiKey as a security key for the added security benefits of FIDO2 authentication. If you’re not sure whether to pair your device as a YubiKey or a security key, then check with your organization’s helpdesk representative before you pair it.

  • See https://www.yubico.com/products/yubikey-hardware/compare-yubikeys/ for a list compatible YubiKey models.

  • Web

  • VPN

  • Windows login

Pairing your YubiKey

Register or 'pair' your YubiKey hardware token, so you can use it to authenticate with PingID.

Before you begin

If you are using a virtual machine (VM) to connect to your accessing device, and you need to pair your YubiKey, configure your VM to recognize a USB device.

About this task

After you have paired your device and authenticated successfully, you can also use it to authenticate for Windows login or Mac login, if required.

Steps

  1. Sign on to your account or app, and when you see the registration window, click Start.

    A screen capture of the Registration window showing the Start button.

    You’ll see the Add a New Device window, showing the YubiKey icon.

    A screen capture of the Add New Device window showing device options available for you to add.

  2. In the Add a New Device window, click YubiKey.

    Result:

    You are prompted to authenticate with your YubiKey.

    A screen capture of the Yubikey window prompting you to insert your Yubikey to pair it.

  3. Insert the YubiKey into your computer USB port, make sure the Alternative Authentication window is the active window on your machine, and then tap the YubiKey.

    If you are using a YubiKey Neo and need to register using a browser on your mobile device through NFC, the process is different. To complete the registration process:

    1. Download the YubiClip application to your mobile device and enable NFC.

    2. Place the YubiKey next to your mobile device. The verification code is copied to the device clipboard.

    3. Paste the code into the YubiKey authentication field in your browser, and tap Verify.

    Result:

    A one-time passcode (OTP) automatically generates and enters into the YubiKey Setup window. Verify is selected automatically, and a green check mark appears, indicating the pairing request is successful. You are automatically signed on to your account or app.

Next steps

The next time you sign on to your account or application, you’ll be able to use your YubiKey to authenticate. For more information, see Authenticating with PingID using a YubiKey.

Pairing your YubiKey (VPN)

Register or 'pair' your YubiKey hardware token so that you can use it to securely access your company’s VPN with PingID.

About this task

To set up your YubiKey on your VPN:

Steps

  1. From your web browser or application, sign on to your VPN and enter your username and password.

  2. Enter other. Click Sign In.

  3. In the blank field, enter YubiKey. Click Sign In.

  4. Insert your YubiKey into the USB port on your machine.

  5. Click the text field to ensure your mouse cursor is placed in the field. Tap the YubiKey.

    Result:

    The YubiKey one-time passcode (OTP) is automatically entered into the text entry field.

  6. Click Sign In.

Next steps

The next time you sign on to your account or application, you’ll be able to use your YubiKey to authenticate. For more information, see Authenticating with PingID using a YubiKey.

Pairing your YubiKey (Windows login)

Register or 'pair' your YubiKey hardware token so that you can use it to access your Windows login machine securely with PingID.

About this task

If you are accessing Windows login through a virtual machine (VM), before pairing your YubiKey, make sure your VM is configured to recognize a USB device.

Steps

  1. Sign on to your Windows machine.

    A screen capture of the Windows sign on page.

    Result:

    The PingID registration window displays.

    A screen capture of the PingID registration window.

    Until you have successfully completed the registration process, you cannot minimize the PingID registration window. If you close the window, you are automatically redirected back to the sign-on page.

  2. Click I want to use a different authentication method.

  3. In theAlternative Authentication window, select Authenticate with YubiKey. Click Next.

    A screen capture of the Alternative Authentication window displaying the Authentication Preference options.

    Result:

    The Alternative Authentication window displays, prompting your YubiKey Setup and verification.

    A screen capture of the Alternative Authentication window, prompting the YubiKey Setup authentication.

  4. Insert the YubiKey into your computer USB port. Tap the YubiKey.

    Make sure that the Alternative Authentication window is the active window on your machine.

    Result:

    A one-time passcode (OTP) is automatically generated and inserted into the YubiKey Setup window, and Verify is selected automatically.

  5. The next time you sign on to your Windows machine, account, or app:

    1. Enter a YubiKey OTP.

    2. Press your YubiKey button to generate the OTP.

    3. Click Sign On to authenticate and sign on.

Result

The green Authenticated message appears with a check mark, indicating that authentication is successful. You are signed on to your Windows machine.

A screen capture of the Windows home desktop page.

Next steps

The next time you sign on to your account or application, you’ll be able to use your YubiKey to authenticate. For more information, see Authenticating with PingID using a YubiKey.