Cannot add YubiKey security key for a specific Entra ID account

Alexander Wenger 20 Reputation points
2024-08-21T05:46:34.3333333+00:00

I'm encountering an error while attempting to set up a Fido2 security key for an Emergency Access Account in Entra ID. The setup process gets stuck when prompting for the security key's PIN. This issue is specific to the Emergency Access Account, as I've successfully added the same key to two other "personal" user accounts. I also tried to create a new Emergency Access Account according to https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/security-emergency-access but the issue persists.

When trying to set up the key, I receive the following error message in the Windows Event Log for WebAuthn: [image: Windows Event Log error message]

This error appears to be preventing the completion of the security key setup process. On the User side it looks like this:

  • During the security key setup process, I encounter a repetitive prompt for PIN creation. After initially entering and confirming a PIN, the system unexpectedly returns to the PIN creation screen instead of progressing. [screenshot]
  • Upon attempting to create the PIN a second time, the process gets stuck on this screen: [screenshot]

I've verified that the account has the necessary license for MFA (Entra ID P2) and is a member of the appropriate group for Fido2 authentication. I hope for some advice on how to resolve this issue.


Accepted answer
  1. Raja Pothuraju 5,255 Reputation points Microsoft Vendor
    2024-08-23T17:57:12.8066667+00:00

    Hello @Alexander Wenger,

    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

    Issue: Cannot add YubiKey security key for a specific Entra ID account

    Solution: Resolved by @Alexander Wenger.

    To resolve the issue, you shortened the specific user's UPN (User Principal Name), as their original username was too long. After shortening the UPN, you were able to add the key successfully.

    If you have any other questions or are still running into more issues, please let me know. Thank you again for your time and patience throughout this issue.

    Please remember to "Accept Answer", so that others in the community facing similar issues can easily find the solution.

    Thanks,

    Raja Pothuraju.


Additional answers
  1. Alexander Wenger 20 Reputation points
    2024-08-21T09:51:48.1166667+00:00

    After trying everything, I could finally resolve the issue! The problem was simply that the username of the specific user was too long. After I shortened the UPN I could add the key...
