YubiKey Authenticator

Once YubiKey Authenticator is enabled, users are authenticated first through their AD domain credentials, and next through the one-time passcode (OTP) generated by the YubiKey Authenticator.


  1. The firewall should have the outbound connections listed below:

    • https://api.yubico.com/wsapi/2.0/verify
    • https://api2.yubico.com/wsapi/2.0/verify
    • https://api3.yubico.com/wsapi/2.0/verify
    • https://api4.yubico.com/wsapi/2.0/verify
    • https://api5.yubico.com/wsapi/2.0/verify
  2. Get the Client ID and Secret Key from the YubiKey website by following the steps below:

    • Go to https://upgrade.yubico.com/getapikey.
    • Enter your email address. Connect the Yubikey to your workstation or server and enter the YubiKey OTP.
    • Select the I've read and accepted the Terms and Conditions option. Click Get API Key.
    • Copy the displayed Secret Key.

Steps for YubiKey Authenticator verification:

  1. Go to Configuration → Self-Service → Multi-factor Authentication → Authenticators Setup.
  2. Select the policy for which YubiKey Authenticator is to be configured from the drop-down
  3. Click YubiKey Authenticator section.
  4. Enter the Client ID and the Secret Key from step 2 of the prerequisites.
  5. Yubikey

  6. Click Save.

Yubikey Confirm MSG

Note: You can choose to enforce multiple configurations for different users based on their domain, group, or OU membership, or simply apply one YubiKey Authenticator setting for all users..

Copyright © 2020, ZOHO Corp. All Rights Reserved.