Yubico Enrollment Suite with Okta now available: An inside look at how Okta became a phishing-resistant enterprise

Phishing-resistant users build phishing-resistant enterprises. With the growing sophistication of cyber threats, enterprises that can efficiently raise the bar for security helps ensure protection of users and their data to effectively drive digital acceleration. 

To help organizations achieve phishing-resistance at scale, we recently announced the general availability of Yubico Enrollment Suite – a set of offerings that includes Yubico FIDO Pre-reg and the brand new YubiEnroll – which delivers choice to enterprises in how they fast-track to a phishing-resistant stance and go passwordless by pre-enrolling YubiKeys with their Identity Platform (IdP) before delivering to end users. Today, we’re excited to announce the availability of Yubico Enrollment Suite with Okta.

As an offering within the Enrollment Suite, Yubico FIDO Pre-reg works seamlessly with the Okta Workforce Identity Cloud to deliver pre-enrolled YubiKeys from factory to doorstep. YubiEnroll offers additional benefits to enable organizations using Okta identity and access management with the ability for IT staff and administrators to easily enroll YubiKeys on behalf of end users at their premises. Whether selecting the full service Yubico FIDO Pre-reg offering, or YubiEnroll, Okta customers have complete choice in how they adopt the highest assurance MFA with YubiKeys quickly and easily.

How Okta became truly phishing-resistant

As the inaugural partner for Yubico FIDO Pre-reg, Okta worked closely with Yubico to design and engineer the integrated solution. As part of its initiative to lead the industry in the fight against identity attacks, the Okta Secure Identity Commitment, the company became an early adopter, quickly deploying the solution to its 6,000-strong global workforce.

Okta had three goals when starting the Yubico FIDO Pre-reg rollout, centered on employees needing to easily provide an end-to-end passwordless experience and create phishing-resistant users throughout the organization. These goals included: 

  • Phishing-resistant onboarding of new users starting on day one
  • Phishing-resistant recovery of existing users, including a consistent recovery experience if a primary device or authenticator is lost
  • Avoid user friction and admin overhead

Stephen Lee, vice president of Technical Strategy & Partnerships at Okta, was part of the core team that designed the solution: “At Okta, we had rolled out a passwordless solution for our global workforce using the Okta FastPass technology. With Yubico, we saw an opportunity to leap the final hurdle to deliver an end-to-end passwordless experience. Over four months, we shipped 6,000+ YubiKeys to employees and contractors in 42 countries.” 

Using the power of Okta Workflows and Yubico FIDO Pre-reg, Okta is now a truly phishing-resistant enterprise. Highlights on the deployment include:

  • 42 countries covered globally with the delivery of YubiKeys, to remote and physical office locations
  • 6,000+ YubiKeys delivered to full-time employees and contractors worldwide
  • 100% deployment within four months
  • Zero admin overhead if an employee loses their primary authenticator or device

Building the Phishing-Resistant Enterprise

With Yubico FIDO Pre-reg, enterprise users can experience the highest assurance levels of secure passwordless access to their online accounts in minutes using the most secure form of passkey authentication, all while reducing the burden on their admins and users. Manual registration of users’ security keys is eliminated, as users receive security keys that are pre-registered with the organization’s Identity Provider (IdP) – such as Okta – by Yubico during production and shipped directly to the user, whether in corporate or residential locations. 

By effectively enrolling the end user directly in the authentication platform – without reliance on the help desk or user to make security decisions – Yubico FIDO Pre-reg empowers enterprises to enhance cyber resiliency and halt phishing attacks on help desks throughout the user account lifecycle. This eliminates critical points where they may otherwise be exposed to hijack, such as onboarding, authentication and account recovery. With Yubico FIDO Pre-reg, users can get started on the most secure form of device-bound passkey authentication – reducing time, labor, and cost burden for IT departments while accelerating security and productivity for employees.

For a full overview of all the great features and benefits of the Yubico Enrollment Suite, visit here or contact our team with any questions and to get started today. Be sure to watch our joint presentation from Oktane 2024 (note: requires registration) on Okta’s rollout of Yubico FIDO Pre-reg, and check out our video below.

Talk to our teamTalk to our team

Share this article:


  • Platform independent digital identity for all Many are understandably concerned that the great invention called the Internet, initially created by researchers for sharing information, has become a major threat to democracy, security and trust. The majority of these challenges are caused by stolen, misused or fake identities. To mitigate these risks, some claim that we have to choose between security, usability […]Read moreDigital IdentityEUDIFounderStina Ehrensvard
  • Q&A with Yubico’s CEO: Our move to the main Nasdaq market in StockholmAs 2024 draws to a close, it’s the perfect time to reflect on the incredible journey we’ve had this year and how it has shaped where we stand today as a company. To mark this moment, I sat down with our CEO, Mattias Danielsson, to look back on the milestones and achievements of 2024—culminating in […]Read moreCEOMattias Danielsson
  • Exploring DORA: A look at the next major EU mandateFinancial institutions have historically managed operational risk using capital allocation, but under EU Regulation 2022/2554 – also known as the Digital Operational Resilience Act (DORA) – the financial sector and associated entities in the European Economic Area (EEA) must also soon follow new rules. These new rules focus on the protection, detection, containment, and the […]Read moreDORAEU
  • Securing critical infrastructure from modern cyber threats with phishing-resistant authenticationAcross the globe, 2024 has seen a whirlwind of change. With ongoing wars, recent political change-ups and more, growth in data breaches targeting critical infrastructure continue to be on the rise. Critical infrastructure is integral to our everyday life – from the energy and natural resources powering our hospitals and providing clean drinking water, telco […]Read moreCISAcritical infrastructurezero trust