When the YubiKey tokens you have purchased are in the Yubico OTP mode, to enable their use with Defender, you need to specify the client ID and API key provided with the tokens in the Defender Administration Console, and then configure self-service settings on the Defender Management Portal to enable users to self-register their YubiKey tokens on the Defender Self-Service Portal.
When a user registers the YubiKey on the Defender Self-Service Portal, the corresponding token object is automatically created in Active Directory.
To enable the use of YubiKey working in Yubico OTP mode
- In the Defender Administration Console, specify the client ID and API key provided to you with the YubiKey tokens:
- On the computer where the Defender Administration Console is installed, open the Active Directory Users and Computers tool (dsa.msc).
- In the left pane of the ADUC tool, expand the appropriate domain node, and click to select the Defender container.
- On the menu bar, select Defender | YubiCloud Client Configuration.
- In the dialog box that opens, type the client ID and API key provided to you with the YubiKey tokens.
- Click the Test button, and follow the on-screen instructions to ensure the supplied client ID and API key are valid. If the test completes successfully, click OK to save the client ID and API key.
- Configure the Defender Self-Service Portal to enable the registration of YubiKey tokens for the users:
- Open the Defender Management Portal. For more information, see Opening the portal.
- In the left pane, click the Self-Service Settings tab.
- In the right pane, on the General tab, use the Permissions area to add Active Directory groups and enable their members to register their YubiKey tokens via the Defender Self-Service Portal.
For the descriptions of elements you can use on the Self-Service Settings tab, see Configuring self-service for users.