MFA-How to Set up a Security Key for Multi-Factor Authentication

Prior to key set up the staff member receiving the key needs to be added to a FIDO2Pilot group. This can take up to 30 minutes to sync.

Please use Google Chrome for this process

In Azure AD: 

1. Navigate to Users>search user>select user

2. On the left: select Authentication methods

3. Select “+ Add Authentication Method” under authentication methods 

4. Select Temporary Access Pass from the drop down menu

5. Change minutes to 60 minutes if it isn’t already

6. Click Add

7. Write down the temporary access pass for the user since this is the only time it will be displayed

On the device:

1. Go to the portal>Applications>Microsoft Security Info (MFA)

2. Staff member will need to sign in and they may need to use the Temporary Access Password or a previously registered MFA method

3. Click Add Sign-in method 

4. Select Security Key>select USB device>click Next on the screen to have your key ready

5. Click on Try another way under the QR code if it pops up

6. Progress through the next screens by clicking OK

7. When prompted insert the security key (gold side up) and touch the key to activate it when prompted

8. Staff member will need to create a PIN number (4+ digits - can’t be 0000)

9. Staff member will be prompted to tap the key on the sensor a couple of times (keys can be sensitive when activating the touch sensor)

10. Staff member will need to create a name for the security key and click Done

11. Delete the temporary access pass under the My Sign Ins area after the key is setup