This page shows you how to setup a YubiKey security key with your user account, allowing you to perform two-factor authentication using one-time codes.

Note that using a mobile phone with the "Microsoft Authenticator" app is the IT department's recommended method for two-factor authentication. A security key will mainly be of interest if you don't want to use your mobile phone, or want an alternative login method in addition to a mobile phone.

Norsk versjon - Bruke sikkerhetsnøkkel til tofaktorautentisering

Topic page about IT services | Pages labeled with two-factor

Before you begin

• Before you begin, you must have acquired your own security key. It can be bought in NTNU's online store. Consult your manager before ordering. The cost must be covered by your department.
• You also need to install the Yubico Authenticator program on your computer. It's this program that gives you one-time codes for two-factor authentication.

If you have a Windows PC, install Yubico Authenticator from Windows Store. If you use Mac or Linux, download Yubico Authenticator from yubico.com.

Prepare for two-factor authentication

Once you have been informed that two-factor authentication is about to be activated for your user, it is a good idea to make everything ready for the day it is introduced. To complete the setup, you will need a computer and a security key.

If you have already enabled two-factor authentication and would like to use a security key as an alternative method, go directly to the Security key as an alternative method section.

1. Open a browser and go to https://aka.ms/setupmfa.
2. Select the account you want to prepare for two-factor authentication. If you see the dialog box below, log in with your NTNU account.
   
3. Then log in with FEIDE.
   
   
4. The setup of two-factor authentication is now starting. Click Next.
   
   
5. Click I want to use a different authenticator app.
   
   
6. Click Next.
   
   
7. A QR code now appears on the screen. Leave this window like this until further notice.
   
   
8. Insert your YubiKey and open Yubico Authenticator. Select Add.
   
   
9. If the QR code is visible, it will automatically fill in the fields required. Select Add.
   
   
10. Double-click the Microsoft(username@ntnu.no) entry and touch your YubiKey. The one-time code becomes visible and will be copied to the clipboard.
    
    
11. Select Next in the dialog with the QR code (from point 9) and paste - or enter the code in the box that appears.
    
    
12. Select Next.
    
    
13. The sign-in method is now registered and ready for use.

Security key as an alternative method

If you have already enabled two-factor authentication and would like to use a security key as an alternative method, follow these steps:

1. Open Security info and select Add method.
   
2. Select Authenticator-app and click Add.
   
   
3. Select I want to use a different authenticator app and click Next.
4. Continue from point 6 in section Enable two-factor authentication to complete the configuration.

Change default sign-in method

If you have registered multiple sign-in methods and want to use a security key by default, open the page Security info, and select Change (Default sign-in method). Select Authenticator app or hardware token - code.

Contact

Orakel Support Services can help you if you have questions or encounter difficulties.