Onboarding
This section describes how to onboard YubiEnterprise Services and getting access to the YubiEnterprise Console to start creating shipment requests.
When your Yubico sales person or a channel partner has issued a purchase order for the desired products, subscriptions, and services for your organization, the onboarding procedure starts. This includes setting up accounts for your organization and providing access to the Console.
Procedure Overview
When Yubico has received the initial purchase order for your organization, an account is created for your organization and the purchased products and services are added to the account.
When the account is created, an activation email is automatically sent to the email address of the first user added to the organization’s account. This user is assigned the Console Owner role, and is added as a demo user with permissions restricted as follows:
- Cannot ship more than 10 YubiKeys
- Cannot add new Console users
- Cannot generate API tokens
User permissions remain restricted until the demo user registers a security key as part of the onboarding. When a security key has been registered for the account in the Console, the user acquires full Console Owner permissions.
The first Console Owner performs the following actions during their onboarding:
- Activates account and performs initial login to the Console.
- Verifies the content of the first purchase order.
- Creates an initial shipment request of maximum 10 YubiKeys (optional).
- Registers at least one security key for their user account to get full feature access.
- Adds Console users as needed for the organization, at least one more Console Owner is recommended.
The onboarding procedure is described in more detail in the following.
Prerequisites
The following is needed for the onboarding:
- A browser such as Chrome, Firefox, or Edge, with the popup-blocking function disabled.
- Email with account activation link provided by Yubico. Note that the link expires after 7 days.
- To get full Console feature access, you need to register a YubiKey.
Note
To use the YubiEnterprise API you also need access to the Console to be able to set up an API caller user account with an associated API token. For more information, see API Onboarding Playbook.
Onboarding Procedures
The first user account registered with an organization will also automatically be the first Console Owner (account owner) for the organization. Onboarding a first Console Owner and registering a YubiKey for this account is required to be able to add more Console users for the organization and create shipment requests for YubiKeys.
Note
It is recommended to have at least two users with the Console Owner role as this is the only role that can perform password and account resets. If your organization only has one Console Owner and that person locks themselves out or leaves your organization, you must contact Yubico to set up a new Console Owner. To add users and assign roles, see Adding or Deleting Users.
The YubiEnterprise Console uses Passwordless Authentication through YubiKeys. Only passkeys stored on security keys (device-bound passkey) are allowed when logging in. When accessing the Console, you will only use a password during onboarding of your organization as the first user (Console Owner) logging in for the first time.
Activating First User
To activate your account and onboard as the first Console user, do the following:
Click the Activate your YubiEnterprise account link in the activation email you received from Yubico.
Create a strong password following the recommendations in the activation dialog and click Activate Account.
In the YubiEnterprise Console login page that opens, click Login.
In the Welcome to the YubiEnterprise Console dialog, click Sign in with Password.
Note
The “Sign in with Passkey” option displayed in the dialog will be used once you have registered a YubiKey.
Enter your email address and the previously created password, and click Sign in with Password.
In the YubiEnterprise Console Acceptance Use Policy dialog, click I agree to continue.
When successfully logged in you will be taken to the Dashboard page for your organization where you can see your initial purchases and YubiKey license inventories. Since you have not yet registered a YubiKey, you will be notified that you are in “demo mode” with limited feature access.
Register at least one YubiKey to get full Console feature access, if you have a YubiKey available at this point. If you do not have a YubiKey, you can still order up to 10 keys as a demo user, and register a key when you have one. Continue to step 13 to create an initial shipment request for YubiKeys if you do not have any.
If you have a YubiKey, click the link in the demo mode message at the top to register a passkey on your YubiKey. In the dialog that opens, click Create Passkey.
When prompted, tap your YubiKey and provide the PIN associated with the YubiKey.
A passkey is created on the YubiKey, and a passkey confirmation dialog is displayed. A notification with details about the registered YubiKey is sent to the email address associated with your Console account.
It is recommended that you register an additional YubiKey as a backup to avoid losing access to the Console. This can be done at any time. Click Yes, create another to register a spare YubiKey and follow the instructions. Click No, I’m done for now to continue without registering a spare key.
- When you have registered a YubiKey, you will be prompted to log out and in again using the YubiKey. In the Welcome to YubiEnterprise Console dialog, click Sign in with Passkey, tap your YubiKey, enter the PIN, and tap your YubiKey again to log in.
- When you have registered at least one YubiKey you will get full feature access.
- Create a first shipment request. For more information on how to create a shipment request, see Working with Shipments. If you did not yet register a YubiKey, you have the option as demo user to request a shipment of up to 10 keys for yourself and other users in your organization. When you have a YubiKey available, follow the steps in the Console login dialog to log in with passkey and gain full feature access, see steps 8-11.
- Add an additional Console Owner for your organization, if not already done (you must first have registered a YubiKey to be able to do this). It is recommended to have at least two users with the Console Owner role. Click Add Console Owner in the notification message at the bottom right of the page.
- Add more Console users as needed for your organization, for example IT administrators that will be managing shipment requests, or API integration user accounts. For more information, see Roles and Permissions. The system will send activation emails to each new user so they can log in and activate their account as described in Activating User Accounts. New users will need to register a YubiKey to be able to log in to the Console.
Activating User Accounts
Note
If your organization has Single sign-on (SSO) enabled, new users do not have to activate their account. Users are immediately added to the organization in the Active state and can use the SSO service-provider-initiated login link to log in to the Console. For more information, see Authenticating with SSO.
When a Console Owner has added you to the YubiEnterprise Console as a member of your organization you will receive an account activation email from Yubico. You will need a YubiKey to be able to log in to the Console as a new user.
To activate your account and log in to the Console for the first time, do the following:
Have your YubiKey ready and click the Activate your YubiEnterprise account link in the activation email from Yubico.
In the setup dialog, click Activate Account.
When prompted, tap your YubiKey and provide the PIN associated with the YubiKey.
A passkey is created on the YubiKey, and a passkey confirmation dialog is displayed. A notification with details about the registered YubiKey is sent to the email address associated with your Console account.
You will be prompted to register an additional YubiKey as a backup to avoid losing access to the Console if the original key is lost. This can be done at any time. Click Yes, create another to register a spare YubiKey and follow the instructions. Click No, I’m done for now to continue without registering a spare key.
To activate your account, you will be prompted to log out and in again using the newly registered YubiKey. Follow the instructions to log in.
In the YubiEnterprise Console Acceptance Use Policy dialog, click I agree to continue.
You will be taken to your organization’s Dashboard page which provides an overview of available inventory, and recent shipments and purchase orders.
You are now ready to start working in the YubiEnterprise Console! To begin, see the Getting started section.
Distributors and Resellers
Yubico channel partners can use the Distributor and Reseller views in the YubiEnterprise Console to see what was sold to associated end customers, monitor their inventories, and provide access to purchase order information.
To onboard as an account owner for a channel partner organization, follow the procedure for Activating First User. When adding Console users for your organization, you can assign the Distributor and Reseller roles to those specific users. These roles provide access to the Distributor and Reseller views. To add users and assign roles, see Adding or Deleting Users.
For more information about channel partner roles, see Roles and Permissions. For more information about channel partner views, see Dashboard.
To file a support ticket for YubiEnterprise Delivery, click Support.