PingOne

(Workforce Only) Configuring YubiKey OTP authentication for PingID

YubiKey hard tokens can be used to generate a one-time passcode (OTP) with which to authenticate. YubiKeys can be paired for Yubico OTP authentication.

If your YubiKey is FIDO2 compliant, you can pair it as a passkey (FIDO2/U2F Security Key). For information about configuring a YubiKey as a passkey for FIDO2 authentication, see Configuring FIDO2 authentication (Passkeys)

A YubiKey hardware authenticator can be used in sensitive environments or for users working in environment with limited device or phone access, such as hospitals, financial institutions, or federal buildings.

The YubiKey hardware gives your enterprise a variety of form factors to allow the user to authenticate combined with the contextual awareness of PingID. YubiKey doesn’t require a battery or network connectivity, so it’s always on and accessible for MFA.

When YubiKey authentication is enabled, the user registers their personal YubiKey and pairs it with their PingID account. This creates a trust between the YubiKey and the user’s account so they can use the YubiKey to authenticate during the sign on process.

Learn how to configure a YubiKey for use with PingID in PingOne in Configuring an MFA policy for strong authentication.

Learn more about the user experience in the PingID End User Guide.

Find the YubiKey models that support Yubico OTP in the YubiKey products page.