Introduction

Note

FIDO Pre-reg with Microsoft is currently in Early Access for identity provider Microsoft Entra ID. For more information, see FIDO Pre-reg.

FIDO Pre-reg, part of YubiKey as a Service - Enrollment, provides a fully managed service that delivers pre-enrolled YubiKeys directly to end users, enabling secure onboarding from the start.

_images/yaas-overview.png

With FIDO Pre-reg the IT administrator (IT admin) for an organization can use the YubiEnterprise API together with the WebAuthn API of an Identity Provider (IdP) and automated workflows to order pre-enrolled YubiKeys for end users. The YubiKeys are pre-enrolled and shipped directly to the specific end user who received a randomly generated PIN separately.

The following sections describe how to integrate FIDO Pre-reg with Microsoft Entra ID. The instructions are intended for IT admins who are setting up shipments of pre-enrolled YubiKeys for their organization’s end users in an environment using Microsoft Entra as IdP.

The instructions assume you have IT administration skills and knowledge of YubiEnterprise Delivery API, Microsoft Azure, and Entra ID. Listed tasks include steps performed both in the Customer Portal and Microsoft Azure/Entra ID. Refer to the Microsoft documentation for more details.

Important

Before you start implementing FIDO Pre-reg, ensure you have the Customization IDs and Product IDs for the YubiKey models you will be shipping to end users. These IDs are provided by Yubico during onboarding of your organization. For more information, see Prerequisites.