
Getting Started with Smart Card Authentication – A Beginner’s Guide to Going Passwordless

How to use smartcards in Entra ID
30 Nov 2024

Phishing Resistant Authentication with Smartcards in Entra ID

The quest for unphishable authentication and credentials has been going on for quite some time now. In our humble opinion it’s about damn time that more organizations took the task seriously. Just last year, roughly 50% of all breaches started with stolen credentials. It should go without saying that the most effective way to combat this problem is by removing the most vulnerable piece of the puzzle, the password! We’ve been writing ad nauseam about the problem with passwords, and how they’re making your organization susceptible to threats, so we’re thrilled that you’re taking the time to explore how to go passwordless using smartcards! In this beginner’s guide, we’re going to take you through the entire process (at an exceptionally high level; if you want a step-by-step walkthrough, click on the ultimate guide at the bottom of this page) to give you a look at what it’s like to go passwordless using smartcards.

Step One: Set Up CBA in Entra ID

The initial phase involves activating Azure Certificate-Based Authentication (CBA). To facilitate this process, we will leverage our Azure-integrated Certificate Authority, EZCA, as it offers a streamlined and expedited approach. However, should you possess an existing Active Directory Certificate Services (ADCS) CA and prefer to utilize it, it is entirely feasible to connect your EZCMS instance with ADCS.

How to Set Up Entra CBA in Azure

No need to panic! Take a peek at the video below to actually SEE how the process works. If you’re more of a written tutorial person, we’ve outlined the steps for you to eliminate any guesswork associated with the process. Below you’ll see links to each and every step along the way to guide you on your path towards zero trust!

1) Create your root Certificate Authority


2) Create your EZCMS instance


3) Create your smartcard Certificate Authority


4) Add the Certificates to Azure CBA

5) Enable Your Smartcard Providers

6) Register your tenant in EZCMS and add the CA we created before.

7) Once your tenant is connected, set yourself as an HR administrator and add yourself to the HR database.
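
Steps 1, 3 and 4 only work if the smartcard CA actually chains to the root you register as trusted. The script below is an added example, not part of the original guide or of the EZCA/EZCMS tooling: it uses `openssl` to check a root/issuing CA pair before the certificates are uploaded. The demo CA names, file names and function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a root CA / smartcard CA pair before trusting it.
# Every name and certificate here is constructed demo data.
set -eu

# Build a throwaway root CA and smartcard issuing CA in directory $1.
make_demo_chain() {
  dir=$1
  printf '[req]\ndistinguished_name=dn\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$dir/ca.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$dir/ca.cnf" \
    -extensions v3_ca -subj "/CN=Demo Root CA" \
    -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
    -subj "/CN=Demo Smartcard CA" \
    -keyout "$dir/issuing.key" -out "$dir/issuing.csr" 2>/dev/null
  openssl x509 -req -in "$dir/issuing.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
    -CAcreateserial -days 30 -extfile "$dir/ca.cnf" -extensions v3_ca \
    -out "$dir/issuing.pem" 2>/dev/null
}

# True if the certificate's basicConstraints marks it as a CA.
is_ca() { openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; }

# True if subject and issuer names are identical (self-issued, as a root must be).
is_self_issued() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# True if certificate $2 verifies against root $1 (system trust directory ignored).
chains_to() { openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1; }

# Run all checks on a root ($1) and issuing CA ($2); non-zero on first failure.
check_ca_pair() {
  root=$1; issuing=$2
  is_ca "$root"                || { echo "FAIL: root lacks CA:TRUE"; return 1; }
  is_self_issued "$root"       || { echo "FAIL: root is not self-issued"; return 1; }
  chains_to "$root" "$root"    || { echo "FAIL: root signature does not verify"; return 1; }
  is_ca "$issuing"             || { echo "FAIL: smartcard CA lacks CA:TRUE"; return 1; }
  chains_to "$root" "$issuing" || { echo "FAIL: smartcard CA does not chain to root"; return 1; }
  echo "OK: smartcard CA chains to the root"
}

# Demo run on constructed certificates; replace with your exported CA files.
demo=$(mktemp -d)
make_demo_chain "$demo"
check_ca_pair "$demo/root.pem" "$demo/issuing.pem"
```

To check real certificates, export both CA certificates as PEM and call `check_ca_pair root.pem issuing.pem` on them instead of the demo files.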

Now that we’ve set up CBA, let’s continue our journey on the path towards zero trust and finish creating our unphishable smartcard credentials!

Step Two: Create a Certificate for Azure Smartcards

After you’re through setting up EZCMS and activating Azure CBA, it’s time to get your first Azure Smartcard set up. Start by heading over to the portal to put in a request for a smartcard. Next, using the EZCMS client and your admin account, go ahead and assign the smartcard to yourself.

How To Issue a Smartcard Certificate for Entra CBA

With that done, we’re ready to issue the certificate for the smartcard. This can be done either by scanning your government ID if you’re on the premium plan, or by using your existing Azure Active Directory (AAD) identity. This process will ask you for the PIN you want to set up and automatically set up your smartcard for use with Entra CBA, and you’ll be well on your way to a passwordless future!

How To Print and Ship Smartcards

Now that you’ve seen exactly how easy it is to go passwordless, it’s time to break some “bad” news to you…if there is a challenging component to this process, it is without question the printing and distribution of the smartcards. Good news though…we’ve built our technology specifically to remedy the issue and integrate the entire process, from sourcing to printing to shipping, into one easy-to-use platform! Our software is equipped with an integrated ticketing system designed to streamline the assignment and shipment of smartcards in response to user requests, ensuring full insight and seamless integration throughout the distribution and printing journey. Keytos truly is your one-stop shop when it comes to going passwordless, especially when leveraging smartcards!

Go Passwordless with Smartcards

For organizations looking to embark on this journey, the Keytos security team stands ready to guide you through every step of the process. Whether you prefer a direct conversation to discuss a passwordless strategy that best fits your needs or choose to explore at your own pace through our extensive documentation, we are here to support you. Our YouTube channel is a great place to check out visual tutorials and step-by-step guides, designed to provide you with the knowledge and tools necessary for a seamless transition. Additionally, our documentation on how to implement EZCMS offers granular, actionable insights to ensure a smooth integration into your existing systems.


We invite you to reach out at your convenience to discuss how we can help secure your operations against the cyber threats of tomorrow. Embrace the future of cybersecurity with Keytos and take a decisive step towards a more secure, efficient, and cost-effective digital environment.
