Solved: Can Auth API be used for Yubico OTP (44 character passcode)

MiguelRodriguez24531 · ‎06-16-2020

Reading the documentation for Auth API (Auth API | Duo Security) I see that the supported second factor protocols are auto, push, passcode, sms and phone. The passcode option is defined as coming from Duo Mobile, SMS, hardware token, or bypass code, does this include the YubiKey 44 character string generated when touching the YubiKey capacitive button? If so, does the YubiKey need to be enrolled or registered manually by an admin? The “enroll” API endpoint seems to be desgined for OATH TOTP (returns a QR code). Any clarification will be appreciated.

DuoKristina · ‎06-22-2020

YES - You can use YubiKey-generated OTPs with the AuthAPI.
YES - YubiKeys must be imported by Duo admins and assigned to users. End users may not self-enroll hardware OTP devices. Learn more here: Managing OTP Hardware Tokens.

Duo, not DUO.

View solution in original post

DuoKristina · ‎06-22-2020

YES - You can use YubiKey-generated OTPs with the AuthAPI.
YES - YubiKeys must be imported by Duo admins and assigned to users. End users may not self-enroll hardware OTP devices. Learn more here: Managing OTP Hardware Tokens.

Duo, not DUO.

MiguelRodriguez24531 · ‎06-22-2020

Thank you @DuoKristina!

Can Auth API be used for Yubico OTP (44 character passcode)

Nexus Dashboard / Nexus Dashboard Service API Documentation のアクセス方法

No IP address when using Passcode option in Duo

エンドポイントのユーザ作成が The passphrase is commonly used で失敗する

Stranger character on PUTTY

Using Auth API with Duo Web