YubiKeys can be used for Multi-factor authentication (MFA) to the JumpCloud® User Portal. Yubico Authenticator for Desktop can be used with Windows® and Mac® machines. This article walks you through setting up Yubico Authenticator MFA on Windows machines. For instructions on setting up Yubico Authenticator MFA on macOS machines, see Set Up Yubico Authenticator MFA for macOS.
Tip: You can use a YubiKey 5 NFC or YubiKey NEO with the Yubico Authenticator for Android App.
The following procedure includes steps to be completed by both JumpCloud administrators and JumpCloud users. We recommend that administrators observe users as they complete the user-specific steps in this procedure.
- Requiring MFA for users - JumpCloud admin
- Downloading and installing the Yubico Authenticator for Desktop application on your Windows and macOS machines - JumpCloud user or admin
- Determining the state of the YubiKey - JumpCloud user
- Setting up YubiKey MFA in JumpCloud - JumpCloud user
- Setting up YubiKey MFA in Yubico Authenticator - JumpCloud user
After you complete the procedure in this KB, you can use YubiKey as a second factor for MFA.
Supported VersionsYou can use the YubiKeys listed here with Yubico Authenticator for Desktop. Identify your YubiKey.
You cannot use YubiKeys in the Security Key series for JumpCloud MFA. YubiKeys in the Security Key series do not support one-time-password (OTP).
The procedure outlined in this article uses a YubiKey that can be inserted into a macOS machine USB or USB-C port. The following Yubikeys can be inserted into macOS machine USB or USB-C drives:
- YubiKey 4C
- YubiKey 4C Nano
- YubiKey 5C
- YubiKey 4C Nano
To complete the procedure in this article, JumpCloud users should have a YubiKey that can be inserted into a macOS machine USB or USB-C port.
To set up Yubico Authenticator MFA on a Windows machine:
1 (JumpCloud Admin) Require MFA for users
- In the JumpCloud Admin Console, go to the User Security Settings and Permissions sections of a user’s Details tab.
- Select the Require Multifactor Authentication on User Portal option.
After you select this option, you can apply an enrollment period for the user as needed. Learn more about enrollment periods in this KB article: Using Multifactor Authentication with JumpCloud.
- Click save user. Users with MFA enabled for their account have an orange unlocked padlock icon in the MFA Status column of the JumpCloud Admin Portal Users list.
- After you save, the user receives an email message from JumpCloud-Notifications (firstname.lastname@example.org), with the subject "MFA Now Enabled on your JumpCloud Account." Users can click a link in this email or login to the JumpCloud User Portal to setup MFA for their account.
2 (JumpCloud User or Admin) Download and install the Yubico Authenticator for DesktopIf a user doesn't have administrator privileges to install applications on their machines, the JumpCloud admin will have to install the Yubico Authenticator for Desktop application for the user.
- Download the Microsoft Windows (32 Bit) or (64 Bit) Yubico Authenticator for Desktop application from https://www.yubico.com/products/services-software/download/yubico-authenticator/.
- After downloading completes, install the application on the Windows machine.
3 (JumpCloud User) Determine the state of the YubiKey
- Open the Yubico Authenticator for Desktop application on the Windows machine. The authenticator application shows a message that reads "No YubiKey detected."
- Insert the Yubikey into a USB port on the Windows machine.
- If the Yubikey is new, the Yubico Authenticator application shows a message that reads "No credentials found." Users create a new set of credentials in Step 5.
- If the Yubikey has been used previously, credentials for an existing user appear. If they key shown is currently in use by the user for other credentials, you can proceed with setting up YubiKey MFA for the user.
- Otherwise, reset the key from File > Reset. You are warned that this action can’t be undone.
4 (JumpCloud User) Set Up YubiKey MFA in JumpCloud
- Log in to the JumpCloud User Portal: https://console.jumpcloud.com.
- Click Setup MFA.
- On the Setup Multifactor Authentication dialog, click Continue.
- You are provided with a QR code and a long alphanumeric TOTP key. You can either select and copy the key or use the Yubico Authenticator File > Scan QR Code option.
5 (JumpCloud User) Set Up YubiKey MFA in Yubico Authenticator
- Open the Yubico Authenticator application.
- From the File menu, select New Credential.
- In the New Credential dialog:
- For Issuer, enter JumpCloud User.
- For Account name, enter the user's email address.
- For Secret Key, paste the TOTP key that was previously copied from the JumpCloud User Portal.
- Click Save Credential.
- In your browser, return to the JumpCloud User Portal Setup Multifactor Authentication dialog. Enter a subsequent pair of six-digit codes shown in the Yubico Authenticator application dialog. After you enter the six-digit codes, you are logged into the JumpCloud console and the Multifactor Setup Complete dialog appears.
In the JumpCloud Admin Console, the user now has a green locked padlock icon in the MFA Status column.
After Yubico Authenticator MFA is set up for a JumpCloud user, they can use their YubiKey to get a TOTP to login to applications that require MFA.