Login Subflows: Email is Connected to Organization’s Microsoft 365/Azure AD Tenant

This chapter covers the second half of the process for signing into an account on Yubico’s AWS portal for email addresses that are connected to an organization’s Microsoft 365/Azure AD tenant.

Before following the steps in this chapter, verify that you have completed the first half of the sign-in process.

Login Subflows for this Category

Complete the subflow below that best matches your personal situation.

If you run into any issues while attempting to sign in, please reach out to aws.marketplace@yubico.com for assistance.

Your Organization Has Enabled FIDO2 Security Keys to Sign In

This login scenario requires the following:

  • Your account email address is connected to your organization’s Microsoft 365/Azure AD tenant.
  • Your organization’s tenant has enabled passwordless authentication with FIDO2 security keys (such as YubiKeys).
  • You have a FIDO2 security key that is already connected to your account.

Steps

If the above requirements have been met, complete the login process as follows:

  1. After entering your email on the Microsoft login page, insert your security key into your device when prompted.

  2. Enter your security key’s PIN and click OK.

  3. When prompted, touch your security key to complete authentication.

  4. If this is your first time logging in, you will be prompted to review permissions. Click Accept to continue to your account.

You are now signed into your account in Yubico’s AWS portal.

Your Organization Requires an Email and Password to Sign In

This login scenario requires the following:

  • Your account email address is connected to your organization’s Microsoft 365/Azure AD tenant.
  • Your organization only requires an email and password when logging in.
  • You have downloaded the Microsoft Authenticator application on your mobile device.

Note

Even if your organization’s Microsoft 365/Azure AD tenant does not require MFA, Yubico’s tenant will still require MFA via the Microsoft Authenticator app with this login flow.

Steps

If the above requirements have been met, complete the login process as follows:

  1. After entering your email on the Microsoft login page, enter your password and click Sign in.

    Note

    Enter the same password that is used for signing into your email account or other Azure AD protected resources that are managed by your organization.

  2. If you have signed into your account before and set up Microsoft Authenticator, you will be prompted to approve a login request on your mobile device. Open the application and approve the request to sign in.

    If this is your first time signing in, you will be prompted to set up MFA with Microsoft Authenticator. Click Next and proceed to the following step.

  3. If you haven’t already, download the app on your mobile device. Once you have done so, click Next.

  4. In Microsoft Authenticator, add an account and select Work or school. Return to your browser and click Next.

  5. Scan the QR code in your browser with the Microsoft Authenticator app to connect the app with your Microsoft 365/Azure AD account, and click Next.

  6. Your Microsoft 365/Azure AD account will now send a notification to your Microsoft Authenticator application. Open the app and approve the notification. Return to the browser and click Done.

  7. If this is your first time logging in, you will be prompted to review permissions. Click Accept to continue to your account.

You are now signed into your account in Yubico’s AWS portal.