Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3709
Views
2
Helpful
7
Replies

YubiKey 5 NFC and Mobile Devices - how to authenticate?

JuniorSA
Level 1
Level 1

‎04-29-2021 12:00 PM

Hello - I’m working on implementing the YubiKey 5 NFC for an organization and I’m wondering how users would authenticate on mobile devices such as their phones and tablets? My scenario will focus on Microsoft Azure Active Directory - so a Duo Prompt would appear after implementation for users that have Outlook on their phones.

I found an old thread here, but nothing else:

Documentation states nothing about mobile devices:
https://guide.duo.com/security-keys

Labels:
0 Helpful
7 Replies 7

Amy2
Level 5
Level 5

‎05-05-2021 08:06 AM

Hi @JuniorSA,
Based on what I can find so far, Yubikey 5 NFC will not work on a mobile device with Duo. For tablets and phones, we recommend using Duo Mobile to authenticate instead. Have you already looked into that, and is there a reason you don’t want to use it if so?

0 Helpful

JuniorSA
Level 1
Level 1
In response to Amy2

‎05-05-2021 08:23 AM

Hey Amy - thanks for the reply.
A client I’m working with would prefer using the YubiKey as they don’t want to force the installation of the Duo Mobile app on their employee’s phones.

I personally prefer the Duo Mobile app and Duo Push for authentication… but sometimes it isn’t my call

Thank you!

0 Helpful

Amy2
Level 5
Level 5
In response to JuniorSA

‎05-05-2021 10:52 AM

Ah, that makes sense. It is a common thing we hear from users, so I understand. Thank you for sharing that additional info.

The only other option I can think of would be to use a hardware token, or potentially phone call or SMS, but those may not be the best for your given situation as they have their own drawbacks. Sorry I can’t be of more help here!

0 Helpful

Genessy
Level 1
Level 1

‎06-14-2021 07:45 AM

I was able to authenticate by enabling NFC on my Android phone, and putting the Yubikey 5 NFC to the back of the phone. The phone then prompted me to open a Yubico site that gave me access to copy my passcode into the challenge field for the Office authentication.

JuniorSA
Level 1
Level 1
In response to Genessy

‎06-14-2021 08:05 AM

Did you have to do any additional configuration in the Duo Admin Console or to the Yubikey??

0 Helpful

Genessy
Level 1
Level 1
In response to JuniorSA

‎06-14-2021 08:09 AM

I followed the instructions listed here to “program” the Yubikey and add it to our console and attach it to the user account.

However, after re-reading your post, we are using a hybrid environment with ADFS, which may make the difference regarding the authentication ability.

JuniorSA
Level 1
Level 1
In response to Genessy

‎06-14-2021 08:29 AM

Yep I did try this with no success with Azure being the protected application. Plus, with over 50 keys being sent to remote clients this seems quite cumbersome!

Thanks for the input!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents