.. Onboarding.rst ========== Onboarding ========== The current guide (https://console.yubico.com/help/) is available without logging in. Prior to Onboarding =================== After the :ref:`prerequisites-label` have been met, Yubico does the following: 1. Creates a YubiEnterprise Delivery account for your organization 2. Enters the purchased products and delivery shipping credits into your organization's YubiEnterprise Delivery account 3. Assigns YubiEnterprise Delivery login privileges to your organization's enterprise account owner (Org Owner), who is nominated when the first purchase order (PO) is submitted 4. Emails the login credentials to the Org Owner. .. _onboarding-label: Onboarding Workflow =================== Logging in to your YubiEnterprise Delivery account always requires a YubiKey except in the first phase of onboarding. When Yubico creates a new account in YubiEnterprise Delivery, the system creates a demo user for the first Org Owner. Until that demo user enrolls a YubiKey or Security Key by Yubico, the permissions of that user/role are restricted: * Able to ship no more than ten keys * Unable to invite new members * Unable to generate API tokens * Unable to edit the email template informing recipients that they will receive shipments from YubiEnterprise Delivery. A banner on the Console informs the user of these limitations during the initial phase of onboarding. It tells the user to register a WebAuthn credential to finish enabling their account, and links to the user management page where they can register their credential (security key). For instructions, see :ref:`webauthn-creds-label`. **If the Org Owner has not already got a YubiKey, that person should use this window of opportunity to ship keys to themselves and up to nine other YubiEnterprise Delivery users.** When the demo user enrolls a YubiKey or Security Key by Yubico with YubiEnterprise Delivery for themselves, that person acquires the full permissions of an Org Owner, and all capabilities of the account are fully enabled. ---- 1. The Org Owner logs in, and clicks the privacy policy link to accept Yubico's terms and conditions. At this point, the org owner can already verify that the YubiEnterprise Console dashboard displays the information corresponding to the initial purchase order: * The expected quantities of products * The expected value of delivery shipping credits .. image:: graphics/verification.png *Verifying quantities purchased* 2. The Org Owner configures new YubiEnterprise Delivery users on the **Settings** tab by: * Entering the email addresses of the Org Members who will be managing the YubiKeys * Assigning roles to those Org Members. See :ref:`user-management-label`. 3. The system automatically emails login credentials to the Org Members. 4. The Org Members log in to the Console, review the privacy policy and accept Yubico's terms and conditions before starting to manage and/or audit your organization's inventory of Yubico products and shipping thereof. ---- Logging In ========== The following instructions are for users of YubiEnterprise Delivery. (Your own organization could decide to implement a very similar process for its own end-users of YubiKeys and/or Security Keys by Yubico.) 1. Click the link supplied in the email from YubiEnterprise Delivery, which opens in a browser. (The browser requirements are given in :ref:`prerequisites-label`) 2. Enter the username and password supplied in the same email. .. Note:: Usernames must be email addresses. Any username entered without the "@" will return an error when the user tries to log in. 3. Click the **Submit** button. The browser displays a message instructing you to insert the YubiKey and touch it when it flashes its LED(s). 4. When the LED(s) flash, touch the YubiKey until it stops flashing. (If you have dry skin, you may need to dampen your finger so the key recognizes your touch.) 5. If your organization has more than one account--for example, the EMEA organization and the US/CAN organization--the list of accounts is displayed. Click the name of the appropriate organization. .. Note:: If you allow your browser to fill in your username and password automatically, the **Submit** button might be grayed out. To activate the button, click in the password field. Session Limits -------------- .. LAAS-1683 YubiEnterprise Delivery users do not stay logged in indefinitely. After an hour of inactivity, you are automatically logged out. If the screen does not react after a period of inactivity, log out by going back to the home page and clicking the profile button at the top of the page. Then you can log in again. After 24 hours you will need to log in again in any case. Password Requirements --------------------- The password for logging into the YubiEnterprise Delivery Console must adhere to the following requirements: * Minimum length eight characters, which can be any of the following: * Alpha-numeric characters * Symbols * Punctuation marks, etc. * Must not contain any part of the username. ------------------------------------- To file a support ticket for YubiEnterprise Delivery, click `Support `_.