Import YubiKey OTP tokens in bulk

This topic describes how to bulk upload YubiKey OTP tokens to authenticate with CyberArk Identity.

Scan the Yubikey OTP device to get the passcode. You can direct users to Set up your YubiKey OTP for more information.

When you upload tokens, they override any existing passcodes users may have generated by scanning CyberArk Identity generated QR code if override is selected.


Verify that you have the following prerequisites before you start importing the YubiKey OTP tokens:

  • A CSV file with token information (a CSV file template is available on the bulk upload page in the Identity Administration portal).

    CyberArk Identity validates the YubiKey OTP is 12 characters and the username is valid.
  • YubiKey OTP public keys

Upload YubiKey OTP tokens

The following procedure describes how to upload your YubiKey OTP tokens from an already-configured CSV file for validation by CyberArk Identity.

If you have not enabled the YubiKey OTP policy (see Enable YubiKey OTP authentication) and YubiKey OTP Client in the Authentication Profile (see Create authentication profiles), you need to do so before users can use the generated passcodes. When you configure the YubiKey Enrollment page , you can also define if users can see the QR code from the User Portal.

To bulk upload YubiKey OTP tokens

  1. Log in to the Identity Administration portal, go to Settings > Authentication > YubiKey Configuration.
  2. Click Import.

    If you don't have a CSV file already configured, click the Bulk YubiKey OTP Template link to download a CSV template and update it.

    The CSV file must have the following column headers (header names must match exactly):

    • YubiKey ID

    • (Optional) Login Name

  3. Click Browse, navigate to your CSV file, and upload it.

    (Optional) Select Override, if necessary.

  4. Click Next.
  5. Review the first 15 rows and if they look correct, click Next.

    If you see an error, cancel the upload, and fix the error.

  6. Confirm the email address or enter a different one where the bulk import report is sent and click Confirm. If you see an error, cancel the upload, and fix the error.
  7. Refresh the YubiKey Configuration page to see the uploaded instance.

    The refresh might take a while if the list is long.



Create authentication profiles