Palo Alto GlobalProtect and Duo yubikey



i have installed Palo Alto Globalprotect and use duo push for my users, this works great - user authenticate trough windows (username/pass) and verify w/duo push on smartphones.

But now there are some users that dont have smartphones and maybe dont have phones. I tried to add yubikey hardware tokens and U2F but i dont seem to get how this should/could co-exist with the current configuration. That is working.

Is there a easier way to do this, with users that dont have the possiblity to use phones - just authenticate w/yubikey hw token/u2f device.

Thank you for info related to this matter.