The Best FIDO2 and Smartcard CMS for Azure CBA
Unphishable credentials in Azure AD In Minutes
Today's zero-trust world has made organizations rethink everything about their user onboarding. Using a credential management system (CMS) designed for today's workforce with capabilities for remote passwordless authentication onboarding and logistics software to manage your hardware keys worldwide is truly the only way to go passwordless in Azure. With EZCMS, our passwordless onboarding CMS for Azure, you can easily get started with any Entra ID passwordless authentication method, allowing you to remove the need for single-use passwords and reduce IT helpdesk calls while resting easy knowing you're more secure and unphishable than ever.
Smartcard Onboarding for Azure
We hold a special spot in our hearts for smartcard authentication, as smartcard authentication is the first passwordless authentication method ever created. It is based on X509 certificates and has been used by governments around the world for over 2 decades. Smartcard authentication is the most secure and most compatible authentication method available today; however, it also has a reputation for being the most complex to implement and manage. This is no longer the case, with modern technology such as Azure CBA and EZCMS, you can get started in minutes. To enable smartcard authentication, you need to have a Certificate Authority – you can do this by either creating an EZCA CA or by creating an ADCS CA. After creating a CA, and setting up Azure CBA you can then move forward with setting up the onboarding process by following the steps in our docs on how to create and manage your EZCMS subscription and checking the "SmartCard Onboarding" box in the EZCMS dashboard.
FIDO2 Onboarding for Azure
While FIDO2 has a reputation for being easy to use and implement, Azure and Entra ID do not offer a secure way to onboard FIDO2 keys to Azure. EZCMS removes the need to use TAPs and have users go self-register into the myaccess portal. Instead, EZCMS uses our intelligent face ID technology to verify the person requesting the FIDO2 credential is the person you expect. EZCMS years of experience has made us the only FIDO Alliance member that is able to onboard users to native Azure AD FIDO2, meaning you get all the amazing FIDO2 features Microsoft offers, with a secure and easy to use user onboarding.
Easy Setup for Azure CBA and FIDO2
While FIDO2 and smartcard authentication are similar both are needed to go fully passwordless in an Azure AD and Active Directory environment. EZCMS is the first-ever CMS to be able to onboard both Azure CBA and FIDO2 in the same key, completely transparent to the user. Our whole goal here at Keytos is to make going passwordless simple – when setting up your EZCMS subscription, everything that we do is available for you to see, and we’ve set it up so that all you need to do is click a few buttons. The user can rest easy when using their hardware key – they will not have to worry about whether they are using a smartcard or a FIDO2, they will just know that they are using their hardware key. That’s it.
Remote Passwordless Onboarding
Onboarding users in remote locations has made it harder for organizations to verify the identity of the user creating the credentials. To help organizations validate their user identity when onboarding a new user, we have created the EZCMS government ID verification system that enables fully passwordless onboarding by having the user scan their government ID and their face. We use that information and match it with your HR database, giving the user a seamless, zero touch onboarding experience while giving the organization the peace of mind that only authorized personnel are accessing their systems.
Worldwide YubiKey Distribution
A distributed workforce makes it harder for IT teams to distribute hardware keys to their users; instead of needing to create a complex ticketing and tracking system, EZCMS’s integrated logistics software allows organizations to request, assign and ship keys across the world. If you want to offload that responsibility, ask us about our managed logistics services.
Highest Level of Security and Cryptographic Attestation
EZCMS was created to guard the most critical of identities. YubiKey’s Attestation certificate allows EZCMS to not only cryptographically validate that the YubiKey being enrolled has not been interfered with, but also allows us to confirm that the YubiKey has been assigned to the user that is requesting the account. This, then, adds an extra attestation layer protecting organizations from supply chain attacks, and it is only possible with EZCMS's industry-leading technology working hand-in-hand with industry leaders
Manage Multiple Domains at Once
To help organizations that follow Azure AD identity security best practices and segregate different environments with a completely different identity perimeter, EZCMS allows you to onboard users to the different environments based on different onboarding requirements for each of your environments, giving you a centralized CMS for all your environments, facilitating user onboarding and offboarding across your environment.
Onboard To All 3 Microsoft Passwordless Methods
We understand that not everyone will want to go out and buy hardware tokens for all employees to go passwordless – that's why Keytos also supports phone authentication! Nearly everyone has a smartphone, so for those of you who would rather just use that, fear not – phone authentication is the most inexpensive and popular form of passwordless authentication. It’s incredibly simple to onboard users via phone authentication. To learn more about how EZCMS, the best FIDO2 and smartcard CMS for Azure, can help your organization’s specific use case,today! schedule a demo with one of our experts