Starting spring 2025, the University will replace Duo with Okta for MFA to securely access HarvardKey-protected resources. Okta is available to all HarvardKey users. Learn more about getting started with Okta.
These instructions are for HarvardKey users who want to set up a hardware token, such as a YubiKey, for Okta passwordless or multifactor authentication (MFA), to provide an extra layer of security for accounts.
A hardware token is a small, key-like device you plug into your computer to verify your identity. The most common hardware token used at Harvard is a YubiKey. YubiKeys that have a fingerprint sensor or require a PIN can be used for passwordless or multifactor authentication. YubiKeys that require a one-time passcode can be used for MFA only. Learn more about hardware tokens: What Is a Security Token (or Authentication Token) and How Does It Work?
Hardware tokens as a security method are a good option when:
- Your device does not support passwordless options with Okta Verify and you want to use passwordless authentication.
- You are traveling to a high-risk country.
- You regularly use a shared computer, such as a lab computer, where you can’t have Okta Verify set up and you want to use passwordless authentication.
- You would like a highly secure backup method in case you experience issues with your primary device.
Set up a hardware token
If you don’t already have a hardware token, e.g., a YubiKey, you’ll need to buy one. If you want to use passwordless authentication, look for a model that supports biometric or PIN verification. For Harvard’s recommended models, see Known Okta supported devices for enhanced HarvardKey login.
- Go to your Okta account settings (login.harvard.edu).
- Log in with your HarvardKey credentials.
- If you don't have any security methods enrolled, you will be prompted to do so.
- If you already have a security method set up, you will be prompted to use it to log in.
- Click Manage security methods.
- Click Set up or Set up another next to “security key or biometric authenticator”.
- You will be prompted to enter your HarvardKey password and verify using your preferred method.
- On the “Set up security methods” prompt, click Set up under “Security Key or Biometric Authenticator”.
- Click Set up on the “Set up security key or biometric authenticator” prompt.
- Complete the setup by following the steps below appropriate for the device you’re using.
- Windows computer
- Mac computer
Complete setup on a Windows computer
If you don’t use 1Password
- Insert the hardware token in the USB port on your computer.
- Click Set up after you read the on-screen instructions on the “Set up security key or biometric authenticator” prompt.
- Click Security key.
- Touch your hardware token to complete the setup.
If you’re a 1Password user
- Launch the 1Password app on your PC.
- Click Settings.
- Click Security.
- Insert the hardware token in the USB port on your computer.
- Click the Hardware Token in the Save passkey prompt.

- In the Windows security prompt, select Use another device.
- When prompted to choose where to save this passkey, select Security key and click Next.
- Click OK to complete your security key setup.
Complete setup on a Mac computer
If you don’t use 1Password
- Enable iCloud Keychain for passkey registration to work.
- Insert the hardware token into the USB port on your computer.
- Click Set up after you read the on-screen instructions on the “Set up security key or biometric authenticator” prompt.
- Touch your hardware token to complete the setup.
Get help
- Chat: Log in to chat live with a HUIT technician
- Submit a ticket
- Call: (617) 495-7777