Set up YubiKey - Okta flow

Limited Early Access release

The second part of the journey contains tasks that you complete in the Okta Workflows Console. Complete each task in order, and then go to the next step.

Create a connection from the current Okta org

  1. In the Okta Workflows Console, go to Connections > New Connection.
  2. Select the Okta connector.
  3. In the New Connection window, enter the Connection Nickname. This is the display name you want to appear in your list of connections.

  4. In the Domain field, enter your Okta org domain without https:// (for example, company.okta.com). If your org uses a custom domain, enter the custom domain.
  5. Enter the Client ID and Client Secret. To find these values, follow these steps:
    1. In the Admin Console, go to Applications > Applications.
    2. Go to Okta Workflows OAuth > Sign on tab.
    3. Copy the values for Client ID and Client Secret.
  6. Click Create.

Create a connection from the Yubico org

  1. Generate an API token in your Yubico org. Go to your YubiEnterprise Console Profile > Generate new API token.
  2. Make a copy of the token and store it in a secure location.
  3. In the Okta Workflows Console, go to Connections > New Connection.
  4. Select the Yubico connector.
  5. In the New Connection window, enter the Connection Nickname. This is the display name you want to appear in your list of connections.

  6. In API Secret, paste the API token from Yubico, and then click Create.

Set up the Okta Workflows template for pre-enrolled YubiKey

  1. Go to Okta Workflows Console > Flows.
  2. In Folders, create a folder.
  3. Click the three-dot menu for the folder where you want to import this template and click Import.
  4. Upload the flow template from your computer and click OK.

Activate Okta and Yubico connection in the flows

The imported template folder includes three flows: Create shipment, Call enrollment API, and Call activate API. Complete the following steps for each flow.

  1. Open the flow and find the cards with an Okta or Yubico connection.
  2. Click Choose connection.
  3. Select your Okta org or Yubico org. Click Save. A green check mark appears next to Okta and Yubico, indicating the connection is successfully established.
  4. Repeat for all other cards and the flows in the template.
  5. In the folder, turn on each flow by toggling the on/off switch.

Update Create shipment flow

  1. Open the Create shipment flow.
  2. In the Edit Conditions card, open the dropdown menu.
  3. Update the following fields with the prerequisite values that you received from Yubico Support, and then click Save.
    • If product_id: Your custom product ID for the YubiKey 5 NFC
    • If inventory_product_id: Your subscription ID
    • Else if product_id: Your custom product ID for the YubiKey 5C NFC
    • Else if inventory_product_id: Your subscription ID

Result

After Yubico fulfills the request and the credential is activated in Okta, a YubiKey PIN is generated and sent to the user’s secondary email address.

Next step

Onboard users