Yubico’s YubiKey is a small device that plugs into your computer and, when properly configured, can be used to generate the 6 digit one-time code that, when combined with your personal PIN, allows you to securely authenticate with Workiva.
NOTE: You will need to have your Yubikey device on-hand and available for use to configure it for your account.
Configuring Your Yubikey Device
To configure the YubiKey you will need the appropriate version of the Yubico Cross-Platform Personalization Tool for your operating system, found on the Yubico website.
After inserting your YubiKey into a USB port, start the YubiKey Personalization Tool. Ensure that the "YubiKey is inserted" message is visible in the upper right hand corner, then click the “OATH-HOTP Mode” link.
When prompted to choose a programming method, choose Advanced.
Ensure Configuration Slot 1 is selected (1) and OATH Token Identifier is not selected (2). Then generate a random secret key by clicking the Generate button (3), and finally save the configuration settings to the YubiKey device by clicking Write Configuration (4).
After completing the configuration steps, you may see the following warning dialog. Click Yes button to proceed.
Once the configuration is complete, a message will appear in the Results box at the bottom of the window confirming the successful configuration.
With the YubiKey configuration complete, you now can proceed to the Workiva setup steps. You will need to copy the device serial number (1) and secret key (2) into a text file.
Adding an Individual Device to Workiva
If you only need to add one device to your account, you can do so through the Add Device option under the OTP Devices section of the Admin.
You will then be prompted to enter the device's Serial Number and Secret key.
Once you've entered the required information, click Add Device in the dialog window to save that device to your account.
Adding Multiple Yubikeys to Workiva
If you need to add multiple devices at once, open a text editing program such Notepad and paste the device serial number (1), followed by a comma, the secret key (2), followed by another comma, and finally the text: yubikey (3). For multiple devices, enter one set of information per line. After you've entered all your information, save this as .CSV file.
With the YubiKey device(s) configured and CSV file created, you can now go to the Workiva configuration steps. First, navigate to the OTP Devices section of the Admin. You will now import the CSV file created previously by clicking Bulk Device Import.
NOTE: Workiva also supports the use of PSKC files.
When the Device Import window appears, click the Browse button and locate the CSV or PSCK file. Once you've selected the appropriate file, click Open to select the file for upload.
Finally, click the Upload PSKC or CSV button to complete this step.
Assigning a Device
With the device(s) imported into Workiva, you can now assign a user to the YubiKey device by clicking the Assign button located to the right of each unassigned device.
Select the user that you wish to associate with this device by typing the username in the Username field, and finish by clicking the Save changes button.
The user will receive an email instructing them how to complete the setup of their personal 4 to 30 digit PIN. After configuring their PIN, the user will now enter his or her username and in the password field, enter the chosen PIN and then press the YubiKey button to complete the secure one-time use password.
If prompted for the Current OTP Device Digits, touch the button on the YubiKey. This will generate the secure 6 digit OTP code used to verify possession of the device and allow configuring your PIN.