...
Prerequisites
- YubiKey 4 and newer
- Yubikey Manager
- Active Directory account
- Windows domain-bound machine (necessary for Enrollment)
- Logged in as the account that will appear on the certificate
- Account is member of CLAWS managed group its-certs-smartcard
- Find someone on Systems or IA team
- Download direct from Yubico: https://www.yubico.com/support/download/yubikey-manager/#h-downloads Windows
- https://developers.yubico.com/yubikey-manager-qt/Releases/yubikey-manager-qt-latest-win64.exe
- Mac
- Linux
Expand title SCCM Software Center
Process
New Setup
- Run the Yubikey Manager application and insert your key
- Click on Applications and then click on PIV
Change PIN if Yubikey is fresh out of the box or it's been defaulted
Note skip to Enrollment if Yubikey is already initialized
- Click on Configure PINs
- Click Change PIN and then check Use default (if it is default).
Choose a PIN between 6 - 8 characters.
Finish with changing PIN by clicking on Change PIN - Click on Change PUK and then check Use default (if it is default).
Choose a PUK between 6 - 8 characters.
Finish with changing PUK by clicking on Change PUK - Click on Change Management Key and then check Use default (if it is default).
Click on Generate a few times to randomly create a new management key.
Choose AES256 as Algorithm.
Finish with changing the key by clicking on Finish
- Click on Configure PINs
...