Introduction

With Yubico FIDO Pre-reg the IT administrator (IT admin) for an organization can use the YubiEnterprise API together with the WebAuthn API of an Identity Provider (IDP) and automated workflows to order pre-registered YubiKeys for end users. The YubiKeys are pre-registered and shipped directly to the specific end user who received a randomly generated PIN separately.

The following sections describe how to integrate Yubico FIDO Pre-reg with Okta. The instructions are intended for IT admins who are setting up shipments of pre-registered YubiKeys for their organization’s end users in an environment using SSO and Okta as IDP.

The instructions assume you have IT administration skills and knowledge of YubiEnterprise Delivery API and Okta. Listed tasks include steps performed both in the YubiEnterprise Console and Okta. Refer to the Okta documentation for more details.

Important

Before you start implementing Yubico FIDO Pre-reg, ensure you have the Customization IDs and Product IDs for the YubiKey models you will be shipping to end users. These IDs are provided by Yubico during onboarding of your organization. For more information, see Prerequisites.