We have setup some users to use Yubikeys before so when they login to the Duo Access Gateway for Salesforce, they would login using their credentials and the Duo Prompt would show the Yubikey assigned to them. Well I just setup 3 users that this is no longer working for. They get to the Duo Access Gateway but there is no token choice. There is a place to put in a passcode or touch the key but its not working. What has changed?
What do you mean by “there is no token choice”?
Did you add the Yubikeys as OTP hardware tokens in Duo and assign them to the users, or are they U2F security keys enrolled by the user?
It might be worthwhile to double-check your Authentication Methods policy settings and ensure you have the appropriate token method(s) enabled. The WebAuthn Security Key method must be enabled to use a compatible Yubikey as a one-tap authenticator in Firefox.
I figured it out. I had spaces in between all the CSV Token data. Even though it accepted it, it wouldnt accept the login. Once I fixed the data, it works now.
Thanks for sharing the fix! I’ll make sure that gets noted in our token import documentation.