Onboard users
Limited Early Access release
The final part of this journey contains user activation tasks that you complete in the Admin Console.
Before you begin
Be sure that your users have access to their secondary email accounts before activation. This is where the YubiKey PIN and welcome email are sent.
You can customize the content of the welcome email in .
Create users in Okta
-
In the Admin Console, go to .
- Click Add person.
- Enter the user details: First name, Last name, Username, Primary email, and Secondary email. Don’t assign the user to a group.
- In the Activation dropdown menu, select Activate later. This creates the user in the Staged status.
- Click Save. Or click Save and Add Another to add more users.
- On the People page, go to .
-
Enter these user details: Primary phone, Street address, City, State, Zip code, Country code, Organization. These details are required for shipping YubiKey.
-
Click Save.
Request pre-enrolled YubiKey
When you add a user to the YubiKey group, the YubiKey template in Okta Workflows runs automatically. Yubico receives a request to ship a pre-enrolled YubiKey.
- Find the Staged user and click their name.
- On the Profile page, go to Groups. Add the user to either the YubiKey 5C NFC or the YubiKey 5 NFC group. This depends on the type of YubiKey you want to ship to them.
Activate users in Okta
Before completing this task, check the Yubico Console to verify that a YubiKey was delivered to the user.
- Next to the Staged user, click Activate in the Status column.
- In the Activate Person dialog box, click Activate User.
Result
When you activate the user in Okta, they receive a welcome email containing a sign-in URL. The first time they sign in to Okta with this URL, they must finish setting up their YubiKey to complete the authentication.
Advise users to add another phishing-resistant authenticator as a backup (like Okta FastPass) so they can access their Okta account if they lose their YubiKey.