Introduction

Note

Yubico FIDO Pre-reg with Microsoft is currently in Early Access for identity provider Microsoft Entra ID. For more information, see Yubico FIDO Pre-reg.

With Yubico FIDO Pre-reg the IT administrator (IT admin) for an organization can use the YubiEnterprise API together with the WebAuthn API of an Identity Provider (IdP) and automated workflows to order pre-registered YubiKeys for end users. The YubiKeys are pre-registered and shipped directly to the specific end user who received a randomly generated PIN separately.

The following sections describe how to integrate Yubico FIDO Pre-reg with Microsoft Entra ID. The instructions are intended for IT admins who are setting up shipments of pre-registered YubiKeys for their organization’s end users in an environment using Microsoft Entra as IdP.

The instructions assume you have IT administration skills and knowledge of YubiEnterprise Delivery API, Microsoft Azure, and Entra ID. Listed tasks include steps performed both in the YubiEnterprise Console and Microsoft Azure/Entra ID. Refer to the Microsoft documentation for more details.

Important

Before you start implementing Yubico FIDO Pre-reg, ensure you have the Customization IDs and Product IDs for the YubiKey models you will be shipping to end users. These IDs are provided by Yubico during onboarding of your organization. For more information, see Prerequisites.