Duo: Setting up Personal Security Keys

Summary

Setting up Security Keys with Duo MFA

Body

Issue/Question
  • How do I add my physical security key, such as Yubikey, to Duo?

 

Overview

Duo authentication methods allow the use of physical security keys to authenticate a user instead of using a typical mobile app on the phone. Duo MFA is mandatory, but DSU ITS recommends the use of the mobile app due to convenience, storage, and compatibility with a range of end-user devices when authenticating Duo on various platforms. Although Security Keys can be a recommended way of authenticating due to their disconnection from the internet, security keys can easily be misplaced, lost, or broken. DSU ITS tends to find that users maintain their phone better than a single USB key, and as such, we recommend using the mobile app when possible. A final issue is authenticating with a physical security key requires the use of NFC (when supported on the key) or via USB or USB-C connection, and at times you may find yourself using a device that does not support one of these methods such as legacy devices or IOT devices you may use in your room.

 

Environment

Resolution
  1. Navigate to https://apps.dsu.edu/dsu-account/user/default.aspx and login with your DSU credentials.
  2. Once logged in, select Manage under Mutli-Factor Authentication on the main page.
  3. Select Add a new device inside the Duo window.
  4. Click the radio button for Security Key (YubiKey, Feitian, etc.) - Not Recommended.
  5. Select I accept and understand my responsibility of using Security Key.
  6. Click Continue Adding Security Key.
  7. You may be prompted for Duo authentication at this point, select Other Options and then Manage devices.

    Arrow pointing to "Other options" on the universal prompt - To be selected without approving the push notification.
  8. Select Add a device.
  9. In the popup window inside the main window, select Security key.
  10. Click Continue.
  11. Insert your WebAuthn/FIDO2 security key to your computer and activate it as per vendor instructions.
  12. Some keys require tapping a circle or pressing a button to activate the key when inserted into a computer device, or you may simply need to tap the NFC reader on your device.
  13. When you receive confirmation that you added your security key as a verification method click Continue.
  14. You can now log in to Duo-protected applications that show the Duo prompt in a web browser using your security key.

 

Details

Details

Article ID: 148261
Created
Fri 2/23/24 9:44 AM
Modified
Sun 2/25/24 9:34 PM