Evo supports the use of YubiKey hardware keys, but those keys must be OATH-HOTP compatible. A very popular OATH-HOTP compatible option is Yubico with their YubiKey 5 models. This guide will help you configure your YubiKey for Evo so that you can use the hardware key for 2FA/MFA.
NOTE: Using the YubiKey Personalization Tool can and will overwrite previous configurations already set on your YubiKey.
1. First, determine if your YubiKey is OATH-HOTP compatible. There are multiple ways to do this on the Yubico website; however, configuring your YubiKey requires the YubiKey Personalization Tool in any case. Download it from here: https://www.yubico.com/support/download/yubikey-personalization-tools/
2. Once downloaded, plug your YubiKey in and run the tool. It should look something like this:
At the bottom right of the side panel, you should see the OATH-HOTP option with a green check. This lets you know that your device is compatible.
3. With your device still plugged in and the tool running, select the OATH-HOTP option in the top bar, then select "Quick" mode.
4. You will now be in the OATH-HOTP Mode for setup, and the screen should look like this:
5. Now, let's set it up!
- Select configuration slot 1. Current functionality only maps to configuration slot 1.
- Uncheck "OATH Token Identifier". It is not used by Evo and will cause errors.
- Make sure 6 digits is selected.
- Unhide your Secret key. You will need to copy/paste this key into the Evo Portal shortly. Feel free to regenerate it if you wish.
- Once all options are properly configured, click "Write configuration" to write this to the selected configuration slot.
Keep this tool open. It's time to head to your Evo Portal!
1. Log in to your Evo Portal.
2. Click on "My Company" (or select the customer you wish) and choose "Keys".
3. Once on the "Keys" page, select "Add New Keys"
4. Select "Manual"
5. You will now be presented with this window:
Let's use what we have from the Yubikey Personalization Tool to set this up:
- For Key type, make sure HOTP is selected!
- For Serial number, note that the right side of the YubiKey Personalization Tool shows the serial number in Decimal, Hex, and Modhex. Copy/paste the Decimal version.
- For Key Secret, copy the Secret Key from the Personalization Tool and paste it. Notice that it will copy/paste with spaces. You must remove the spaces in order to properly configure this. Failure to do so will result in the token not being saved.
- Select the directory where the user exists that you wish to attach the Yubikey to.
- Finally, select the user to assign the key to.
- Click "Assign Key to User"
Voila! You have successfully configured a YubiKey to work with your Evo user! When you authenticate, whether through the portal or our credential provider, you can now use the OTP generated by your hardware key for 2FA/MFA!
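
To check offline that the secret you pasted produces the same 6-digit codes as the key, the following added example (not Evo's or Yubico's code) strips the spaces from the pasted secret and computes RFC 4226 HOTP codes from it. It assumes the secret is shown as hex byte pairs; the function names are hypothetical and the sample secret is the constructed RFC 4226 test value, not a real key.

```python
import hashlib
import hmac
import struct


def normalize_secret(pasted: str) -> bytes:
    """Remove the spaces the tool inserts and decode the hex secret to bytes."""
    compact = "".join(pasted.split())
    try:
        key = bytes.fromhex(compact)
    except ValueError as exc:
        raise ValueError("secret must be an even number of hex characters") from exc
    if not key:
        raise ValueError("secret is empty")
    return key


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then truncate."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def find_counter(key: bytes, observed: str, start: int = 0, window: int = 20):
    """Return the counter in [start, start + window) that yields `observed`.

    A match means the stored secret agrees with the key; None means the
    secret is wrong or the key's counter is outside the window.
    """
    for counter in range(start, start + window):
        if hmac.compare_digest(hotp(key, counter), observed):
            return counter
    return None


if __name__ == "__main__":
    # Constructed sample: RFC 4226 test secret, spaced as if copied from the tool.
    pasted = "31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30"
    key = normalize_secret(pasted)
    for counter in range(3):
        print(counter, hotp(key, counter))
    print("code 969429 matches counter", find_counter(key, "969429"))
```

Each button press on the key advances its counter, so a code taken from a freshly written key should match a low counter value.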