# Base setup of YubiKey two factor
# Preamble
The server supports multiple second factors. Some of them need to be configured as an administrator. This guide will explain how to configure the Psono server to allow users to use YubiKey.
# Configuration
During the installation of the server you have created a settings.yaml that needs to be adjusted now.
## Get Yubico API Keys
You can get the necessary Yubico API credentials at upgrade.yubico.com/getapikey/. The registration itself is available to all owners of a YubiKey (which is the reason why Yubico asks you to provide a YubiKey OTP code).
## Add API keys to settings.yaml
Add the credentials from the previous step to your settings.yaml as shown below.

```yaml
YUBIKEY_CLIENT_ID: '123456'
YUBIKEY_SECRET_KEY: '8I65IA6ASDFIUHGIH5021FKJA='
```

Replace the values with the client ID and secret key that were provided to you by Yubico.
Restart the server afterward.
## Enable YubiKey support in settings.yaml
Make sure that `ALLOWED_SECOND_FACTORS` in your `settings.yaml` includes `yubikey_otp`, e.g.

```yaml
ALLOWED_SECOND_FACTORS: ['yubikey_otp', 'google_authenticator']
```

Restart the server afterward.
## (optional) Configure own Yubico server
If you have your own Yubico servers, you can specify their URLs here as a list.

```yaml
YUBICO_API_URLS: ['https://api.yubico.com/wsapi/2.0/verify']
```

Restart the server afterward.
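A pre-restart sanity check for the three settings covered above, as an added example that is not part of Psono or of the original guide. It assumes settings.yaml has already been parsed into a dict by the caller, that Yubico issues the secret key base64-encoded, and it treats non-HTTPS validation URLs as a finding by its own policy; the function name and sample values are hypothetical.

```python
import base64
import binascii
from urllib.parse import urlparse

# Placeholder credentials printed in this guide; they must not stay in a real config.
DOC_PLACEHOLDERS = {"123456", "8I65IA6ASDFIUHGIH5021FKJA="}

def check_yubikey_settings(settings):
    """Return a list of problems in the YubiKey part of a parsed settings.yaml (dict)."""
    problems = []
    # Only checked when present; an absent key is assumed to fall back to the server default.
    factors = settings.get("ALLOWED_SECOND_FACTORS")
    if factors is not None and "yubikey_otp" not in factors:
        problems.append("ALLOWED_SECOND_FACTORS does not include 'yubikey_otp'")
    for key in ("YUBIKEY_CLIENT_ID", "YUBIKEY_SECRET_KEY"):
        value = str(settings.get(key) or "").strip()
        if not value:
            problems.append(f"{key} is missing or empty")
        elif value in DOC_PLACEHOLDERS:
            problems.append(f"{key} still holds the placeholder from the guide")
        elif key == "YUBIKEY_SECRET_KEY":
            # Assumption: Yubico hands out the secret key base64-encoded.
            try:
                base64.b64decode(value, validate=True)
            except (binascii.Error, ValueError):
                problems.append("YUBIKEY_SECRET_KEY is not valid base64")
    urls = settings.get("YUBICO_API_URLS")
    if urls is not None:  # optional setting
        if not isinstance(urls, list) or not urls:
            problems.append("YUBICO_API_URLS must be a non-empty list")
        else:
            for url in urls:
                parsed = urlparse(str(url))
                # Policy of this example: OTPs should only travel over TLS.
                if parsed.scheme != "https" or not parsed.netloc:
                    problems.append(f"YUBICO_API_URLS entry is not an https URL: {url}")
    return problems

# Constructed sample configs (not real credentials).
SAMPLE_OK = {"YUBIKEY_CLIENT_ID": "98765", "YUBIKEY_SECRET_KEY": "A" * 27 + "=",
             "ALLOWED_SECOND_FACTORS": ["yubikey_otp", "google_authenticator"],
             "YUBICO_API_URLS": ["https://api.yubico.com/wsapi/2.0/verify"]}
SAMPLE_BAD = {"YUBIKEY_CLIENT_ID": "123456", "YUBIKEY_SECRET_KEY": "8I65IA6ASDFIUHGIH5021FKJA=",
              "ALLOWED_SECOND_FACTORS": ["google_authenticator"],
              "YUBICO_API_URLS": ["http://yubico.internal.example/wsapi/2.0/verify"]}

if __name__ == "__main__":
    for name, cfg in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, check_yubikey_settings(cfg))
```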