06-16-2020 08:41 PM
Reading the documentation for Auth API (Auth API | Duo Security) I see that the supported second factor protocols are auto, push, passcode, sms and phone. The passcode option is defined as coming from Duo Mobile, SMS, hardware token, or bypass code, does this include the YubiKey 44 character string generated when touching the YubiKey capacitive button? If so, does the YubiKey need to be enrolled or registered manually by an admin? The “enroll” API endpoint seems to be desgined for OATH TOTP (returns a QR code). Any clarification will be appreciated.
Solved! Go to Solution.
06-22-2020 01:52 PM
YES - You can use YubiKey-generated OTPs with the AuthAPI.
YES - YubiKeys must be imported by Duo admins and assigned to users. End users may not self-enroll hardware OTP devices. Learn more here: Managing OTP Hardware Tokens.
06-22-2020 01:52 PM
YES - You can use YubiKey-generated OTPs with the AuthAPI.
YES - YubiKeys must be imported by Duo admins and assigned to users. End users may not self-enroll hardware OTP devices. Learn more here: Managing OTP Hardware Tokens.
06-22-2020 02:53 PM
Thank you @DuoKristina!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide