I’ve finally had some time to play with the YubiKey 4C and decided I wanted to get it functioning as a second factor with Okta. This guide from Yubico seemed fairly straight-forward but I immediately ran into an issue. While the YubiKey Personalization Tool (what you use to program the YubiKey) would recognise my YubiKey, it would show that there was an unknown error.

I did a bit of hunting online and didn’t find much so reached out to Yubico’s support. To their credit I got a reply within an hour with a solution to the problem. It turns out the Personalization Tool is incompatible with Karabiner-Elements (a popular key remapper for macOS - they must get this a lot as I did indeed have it installed).

Not wanting to remove Karabiner from my system, I decided I’d try to get the YubiKey app installed in a macOS VM. This also seems to be a better idea as the guide above says you should create your YubiKey configuration on an air-gapped (not connected to a network) machine. I spun up a macOS VM without network drivers and set to work. Here comes hurdle number 2; it seems that out of the box VMWare VMs don’t like sharing the YubiKey from the Host into the VM.

If you open up the settings of a VM, you will see an item in the USB & Bluetooth tab for the YubiKey but enabling it does nothing.

Luckily it’s a pretty easy fix which I’ll outline below:

1. Make sure your VM is shut down
2. Navigate to your VM in the Finder
3. Right click on the VM and select Show Package Contents
4. Open the .vmx file with a plain-text editor (I like Atom)
5. Add the following two lines at the end of the file and save