Integration Procedure

The following provides an overview of the steps to get started using Yubico FIDO Pre-reg with Microsoft Azure components and Entra ID to create a first shipment of a pre-registered YubiKey.

Prerequisites

Ensure you have the following before starting the implementation procedure:

• Enterprise Plus plan subscription. For questions about Yubico subscription services, contact Yubico Support.
• YubiEnterprise Console access with FIDO Pre-reg enabled. This is provided by Yubico during onboarding of your organization.
• Customization IDs (CID), Product IDs, and Subscription IDs for the YubiKey models you will be shipping to end users. Provided by Yubico.
• A YubiEnterprise API token, see Generating API Tokens.
• An ARM Template JSON file, provided by Yubico.
• A Docker Image for the Yubico FIDO Connector app, provided by Yubico.
• An Azure Resource Group permissions template provided by Yubico.
• The following administrative roles are required for the implementation:
  • Application Administrator - when registering apps (Microsoft Entra ID).
  • Authentication Policy Administrator - when enabling passkey authentication (Microsoft Entra ID).
  • Global Administrator - when registering apps and granting admin consent for tenant (Microsoft Entra ID).
  • Privileged Role Administrator - when granting Logic App permissions (Azure deployment).

Integration Steps

The following steps lets you set up the Yubico FIDO Pre-reg integration and create a first shipment of a pre-registered YubiKey:

1. Configure required Azure permissions
2. Configure authentication and register apps in Microsoft Entra ID
3. Deploy apps and infrastructure components in Azure
4. Test and verify the Azure deployment
5. Create your first pre-registered YubiKey shipment request

The sections in the following describe each step in detail.