Integration Procedure

The following provides an overview of the steps to get started using FIDO Pre-reg with Microsoft Azure components and Entra ID to create a first shipment of a pre-enrolled YubiKey.

Prerequisites

Ensure you have the following before starting the implementation procedure:

Provided by Yubico:
- A Yubico subscription plan. For questions about Yubico subscription services, contact your Yubico sales representative.
- Yubico Customer Portal access with FIDO Pre-reg enabled. This is provided during onboarding of your organization.
- Customization ID (CID), Product ID, and Inventory ID for the YubiKey delivery.
- An ARM template JSON file for deploying components in Azure.
- Credentials for the Yubico container registry for the FIDO Connector app.
- An Azure Resource Group permissions template.
An Azure Portal Subscription with a Resource group supporting the Container app, Azure table, Key Vault, and Logic App resource types.
An Office 365 License or another preferred email service to send PINs to end users.
A defined method for sourcing shipping addresses for the YubiKey recipients.
A defined preference for how recipients will receive YubiKey PINs, for example via email.
The following administrative roles are required for the implementation:
- Application Administrator role in Microsoft Entra ID.
- Authentication Policy Administrator role in Microsoft Entra ID.
- Global Administrator role in Microsoft Entra ID.
- Privileged Role Administrator role in Azure.

Integration Steps

The following steps lets you set up the FIDO Pre-reg integration and create a first shipment of a pre-enrolled YubiKey:

Configure required Azure permissions for integration developers.

Configure Microsoft Entra ID to enable container authentication.

Deploy Azure components such as Resource group and ARM template.

Test and verify the deployment using for example a Test client.

Create shipment of pre-enrolled YubiKey from your organization’s IT environment.

The sections in the following describe each step in detail.