Configure FIDO2 Security Key

    Add Key for Azure MFA Login

    Start with the USB FIDO2 Security key disconnected from the computer.

    1. Browse to https://mysignins.microsoft.com/security-info.
    2. On the Security Info page, click the + Add sign-in method button.
    3. Select Method Security key and click the Add button.


    4. If prompted to sign in with two-factor authentication, click Next and proceed with two factor authentication (e.g. mobile device authenticator app).


    5. Select type of security key USB device.


    6. At the Security key page, click Next.


    7. When prompted where to save the passkey, select Security key.


    8. When prompted to confirm the request to setup a security key from chrome app, click OK.


    9. When prompted to continue setup, click OK.


    10. When prompted, insert the FIDO2 key into an available USB port.
    11. When prompted, select a PIN code for the FIDO2 key.
      Note - if you have already set a PIN code for the FIDO2 key (e.g. for authentication to another system), enter the existing PIN code.


    12. When prompted, press the button on the FIDO2 key.
      Note - the THETIS FIDO2 keys are a physical button and require slightly more force than a 'touch'.  They will 'click' when pushed.
    13. At the Passkey Saved screen, click OK.


    14. When prompted, select a name for your security key, then click Next.
      If you have multiple key registered to your Azure account, the name will be used to distinguish key from each other.  The model of security key (e.g. Thetis Pro) may be a good choice for name.
    15. Key should now be displayed in the list of sign-in methods.



    Change FIDO2 Security Key PIN

    1. From Windows control panel, navigate to Accounts -> Sign-in options
    2. Expand Security key section and click Manage
    3. Insert and/or touch the security key button as prompted
    4. From the Windows Hello setup, under the Security Key Pin section, click Change 
    5. Enter old and new PIN codes as prompted


    Login to Office 365 or other Azure SSO Site with FIDO2 key

    1. Navigate to https://portal.office.com/ or another site secured with Azure SSO
    2. Enter email address and click Next
    3. If prompted for a password, click Other ways to sign in


    4. Select Face, fingerprint, PIN or security key sign-in method


    5. At the Windows Security prompt, select Use another deviceEntering a PIN at this screen will authenticate using your Windows Hello computer pin.


    6. When prompted to select a device, choose Security key


    7. Enter PIN code, click OK.


    8. Press the button on the security key when prompted.
    Published