Provisioning is the starting point of the whole life-cycle of IoT devices. The traditional provisioning methods of IoT devices are facing several issues, either about user experience or privacy harvesting. Moreover, IoT devices are vulnerable to different levels of attacks due to limited resources and long online duration. In this paper, we proposed U2Fi, a novel provisioning scheme for IoT devices. We provide a solution to make the U2F device that has been trusted by the cloud in the distribution process, via WiFi or its side channel, to provision the new IoT device. Further, subsequent device settings modification, setting update, and owner transfer can also be performed by using a U2F device that has been trusted to improve security and provide a better user experience. This could provide helpful user friendliness to some valuable new application scenarios in IoT, such as smart hotel. Users could migrate the whole authentication of smart devices into a new site by simply inserting the universal cryptographic token into the secure gateway and authorizing by pressing the user-presence button on the token. Besides, the relevant unbinding process could also be done with a single cryptographic operation signed by the cryptographic token.