Shipping Pre-registered Keys
This section describes how to work with shipments of pre-registered YubiKeys generated using the Yubico pre-registration service Yubico FIDO Pre-reg available through identity provider (IdP or IDP) integration.
About Yubico FIDO Pre-reg
The Yubico FIDO Pre-reg service reduces the IT administrative burden and improves end-user experience by standardizing and streamlining YubiKey onboarding and account recovery, helping organizations become phishing-resistant.
With Yubico FIDO Pre-reg, the IT administrator (IT admin) for an organization can use the YubiEnterprise API together with an identity provider’s WebAuthn API and automated workflows to order pre-registered YubiKeys for end users. The YubiKeys are pre-registered and shipped directly to the specific end user who receives a randomly generated PIN separately, and can immediately authenticate using their YubiKey.
FIDO Pre-reg Integrations
Yubico FIDO Pre-reg currently supports the following IdPs:
- Okta - see the Yubico FIDO Pre-reg with Okta Integration Guide.
- Microsoft Entra ID (Early Access) - see the Yubico FIDO Pre-reg with Microsoft Integration Guide.
Note
Currently you can only request one (1) YubiKey per shipment request using Yubico FIDO Pre-reg.
Managing Pre-reg Shipments
The following provides an overview of how to manage shipment requests for pre-registered YubiKeys.
Viewing Pre-reg Shipments
Just as for other types of shipment requests, you can monitor the status of pre-registered shipments for your organization in the All shipments page of the YubiEnterprise Console. Pre-registered shipments are indicated as AUTO FIDO PRE-REG in the Type column on the page.
To locate a specific pre-registered shipment, do the following:
- Use the Filters function to filter out pre-registered shipments. Click Filters, select Auto FIDO Pre-reg as Type, and click Apply.
- You can also use search in combination with filters to drill down further into the list of shipments. For more information, see Searching Shipments.
Editing Pre-reg Shipments
Just as for other types of shipments, you can update a pre-registered shipment from the Console until it is locked for processing and fulfillment. Shipments that can be edited are indicated with an Edit icon in the Status column of the All shipments page.
You can update the recipient and address information, the delivery type, or you can delete the shipment request. Note that products included in a pre-registered shipment request cannot be modified. For more information, see Editing or Deleting Shipments.
Viewing Customization Information
A FIDO pre-registered YubiKey is considered a customization and therefore Yubico provides each customer with a unique Customization ID. An organization’s Customization ID is required for integrations such as with Okta. To view your organization’s Customization ID, see Customizations.
To file a support ticket for YubiEnterprise Delivery, click Support.