How to Setup a Yubico Key

Updated 2 weeks ago by Alan Martinez

There are several methods to log into Salesforce and satisfy the Multi-Factor Authentication (MFA) requirement. The Salesforce Authenticator mobile app is a simple, no-cost verification method that satisfies Salesforce's MFA requirement. For more information on MFA, including other MFA-compliant verification methods, please see this article. For a short video tutorial on downloading, installing, and registering the Salesforce Authenticator app, please click here.

In several instances, a user's phone may not be able available. Although we recommend users to utilize the Salesforce Authenticator app as a primary way of logging in, there are also security keys, such as this Yubico product, which can be used as a secondary method of logging in. This physical USB product is purchased separately by your school. Please note that the user must have the security key with them each time they wish to access Salesforce if it is their sole MFA verification method. Although the national office does not endorse any specific security key, users have reported the Yubico Key helps satisfies the MFA requirement, particularly for Chrome users. Registering a security key lets the user login into Salesforce in case there is an issue with the Salesforce Authenticator app. Both MFA methods can be tied into a user's account simultaneously.

Register the Yubico Key

If a user has already ordered the Yubico product and has their phone, follow these steps to register the security key to your Salesforce account.

  1. In Salesforce, click your profile icon on the top right corner and click Settings.
  1. In the toolbar to the left, find My Personal Information and click Advanced User Details.
  1. Under User Detail, locate Security Key (U2F or WebAuthn) and click [Register].
  1. Select Approve on the Salesforce Authenticator app.
  1. Insert your Yubico Key to your computer then click Register to associate your Yubico Key to your Salesforce account. You may receive a popup asking you to enter a security key PIN or password depending on your operating system. Additionally, it will ask you to Touch your security key.
  1. Enter your Security Key Name then click Save.

You will see a green check mark; the Yubico key is now registered to your Salesforce account and no longer need your phone to login. You can check if your security key is registered by referring to Step 3.

Enrolling in Lightning Login (Optional)

For a password-free login process, you can enroll in Lightning Login. Doing so will allow you to jump directly to the Salesforce Authenticator approval process without entering your password. Enrolling in Lightning Login is recommended but not required.

  1. In Salesforce, click your profile icon to the top right corner and click Settings.
  1. In the toolbar to the left, find My Personal Information and click Advanced User Details.
  1. Under User Detail, locate Lightning Login and click [Enroll].
  1. A screen will appear prompting you to approve this request on your mobile device, and you will see a notification. Open the Salesforce Authenticator app, review the information, and click Approve.

  1. The following desktop screen will confirm Lightning Login enrollment. The next time you log in, be sure to check the "Remember me" checkbox, as doing so will allow you to bypass the password entry step and proceed straight to the Salesforce Authenticator approval process.


How did we do?


Powered by HelpDocs (opens in a new tab)