Introduction

FIDO Pre-reg, part of YubiKey as a Service - Enrollment, provides a fully managed service that delivers pre-enrolled YubiKeys directly to end users, enabling secure onboarding from the start.

_images/yaas-overview.png

With FIDO Pre-reg the IT administrator (IT admin) for an organization can use the YubiEnterprise API together with the WebAuthn API of an Identity Provider (IdP) and automated workflows to order pre-enrolled YubiKeys for end users. The YubiKeys are pre-enrolled and shipped directly to the specific end user who received a randomly generated PIN separately.

The following sections describe how to integrate FIDO Pre-reg with Okta. The instructions are intended for IT admins who are setting up shipments of pre-enrolled YubiKeys for their organization’s end users in an environment using SSO and Okta as IdP.

The instructions assume you have IT administration skills and knowledge of YubiEnterprise Delivery API and Okta. Listed tasks include steps performed both in the Customer Portal and Okta. Refer to the Okta documentation for more details.

Important

Before you start implementing FIDO Pre-reg, ensure you have the Customization IDs and Product IDs for the YubiKey models you will be shipping to end users. These IDs are provided by Yubico during onboarding of your organization. For more information, see Prerequisites.