Yubikey or FIDO2 Security Key Setup

 Back Top Prev Next Print

Begin by installing the Microsoft Windows App. Refer to the following for details on Windows App: What is Windows App? - Microsoft Learn

 

Follow the instructions below. 

 

hmtoggle_arrow1Windows

Download the Windows App from the Microsoft Store. 

 

hmtoggle_arrow1MacOS

Download the Windows App from the App Store.

 

hmtoggle_arrow1Prerequisites

Jim2Cloud username and password (as per existing Jim2Cloud environment) 

Windows App 

Yubikey or other FIDO2 security key

 

hmtoggle_arrow1Yubikey/FIDO2 Security Key Onboarding

1.Log in to myaccount.microsoft.com/ with your Jim2Cloud account (eg. joe.bloggs@company.jim2.cloud).

2.Approve the MFA prompt to complete the sign-in (if already enrolled for MFA)

3. Under Security info, click UPDATE INFO.

 updateinfo 

4.Select + Add sign-in method.

addsignin

 Select Security Key from the dropdown.

seckey

passkey

5.Select USB device.

seckey1

6. Follow the prompts to enrol the Yubikey/FIDO2 Security Key.

seckey2

7.If prompted where to save this passkey, select Security Key.

seckey3

8. Click OK to confirm the Security key setup. 

seckey4
seckey5

9. If a PIN is not already configured on the Yubikey/FIDO2 Security Key, you will be prompted to configure one.

info

Note: This security requirement is imposed by Microsoft, and is not optional or configurable.

10.You will be prompted to enter the PIN for the Yubikey/FIDO2 Security Key on each MFA prompt (currently every 90 days).

seckey6

11. Enter the existing PIN, or enter a new PIN (minimum 4 digits) to secure the Yubikey/FIDO2 Security Key, then click OK.

seckey7

12. Touch the Yubikey/FIDO2 Security Key when prompted.

seckey8

13. If successful, click OK to continue.

seckey9

14. Enter a descriptive name for the Security Key, then click Next. 

seckey10

14.To test the Yubikey/FIDO2 Security Key, click Sign out everywhere.

 seckey11

15.In the Windows App, refresh the Apps list to trigger a sign-in.

 seckey12

16.When prompted to sign-in, click Sign in with Windows Hello or a security key.

seckey13 

If prompted to select a Passkey, select Security Key, then click Next.

seckey14 

17.Enter the PIN configured on the Yubikey/FIDO2 Security Key, then click OK.

seckey15

18. Touch the Yubikey/FIDO2 Security Key to complete the sign in.

seckey16

19.The Jim2Cloud account will be signed in on the device for 90 days, at which point you will be prompted to present the Yubikey/FIDO2 Security Key again.

info

Note: You may receive an MFA prompt when unusual activity is detected. For example, if you sign in from a new device, a different state or country, or if your hardware setup changes significantly, this may trigger an MFA prompt. This proactive measure helps to ensure that even if your password is compromised, unauthorised access is still prevented.

20.If the device is compromised, contact Happen Support and request for the Yubikey/FIDO2 Security Key to be disabled and the login session signed out.

 

Further information

MFA on Shared Devices

Passwordless Signin with Microsoft Authenticator