Using FIDO U2F

If your organization has enabled FIDO Universal 2nd Factor for multi-factor authentication, when logging in you will have the opportunity to authenticate using a certificate that is linked to your Yubikey device as a second factor. If multi-factor authentication is optional for your account, you do not need to use this method. However, if multi-factor authentication using FIDO Universal 2nd Factor is required, you must have a Yubikey device issued to you and authenticate using that device before gaining access to your resources.

To use FIDO Universal 2nd Factor as an authentication method, you must use Google Chrome or Opera as your browser. Firefox and Internet Explorer currently do not support the U2F protocol.

To use FIDO Universal 2nd Factor

  1. Log in to your organization's Web portal as you would normally do so.
  2. If multi-factor authentication is optional (or required and you have multiple options available to you) and you want to enable FIDO Universal 2nd Factor for your account, select FIDO Universal 2nd Factor and click Submit.

    The MFA options available to you depends on your administrator. You may see more or less options than shown below.




    If FIDO Universal 2nd Factor is required for your account, you will not see a screen asking you to select a multi-factor option. Instead, you will see the below screen.


    You should see a message asking you to insert your security key.




  3. Making sure your Yubikey is plugged into your computer, press the button or the gold disk on the key.

    Unless another level of multi-factor authentication is required on your account, you should now be authenticated.

    If you are asked for another factor, simply select the desired authentication method and follow the steps for that method.

    When you use this method of authentication, EmpowerID generates a certificate for the Yubikey that is linked to your EmpowerID Person. No other user can use your Yubikey device to authenticate using FIDO Universal 2nd Factor authentication.