While you have been able to use YubiKeys for FIDO2 and Azure CBA with EZCMS for over a year, we have heard your feedback, and we are happy to announce that you can now onboard both PIVKey smartcards and Taglio smartcards to Azure CBA or to AD (Active Directory) authentication with EZCMS. This allows you to use the same card for physical access as well as for passwordless authentication.
The first step is to enable Azure CBA. For this we will use our Azure-based Certificate Authority, EZCA, since it makes the setup easier and faster, but if you already have an ADCS (Active Directory Certificate Services) CA and want to use that, you can connect your EZCMS instance to ADCS.
Below you can see a quick video on how to set up Azure CBA in Azure, but if you prefer written documentation, follow these steps:
1) Create your root Certificate Authority
2) Create your EZCMS instance
3) Create your smartcard Certificate Authority
4) Add the Certificates to Azure CBA
5) Enable PIVKey as a smartcard provider in settings
6) Register your tenant in EZCMS and add the CA we created before.
7) Once your tenant is connected, set yourself as an HR administrator and add yourself to the HR database
Once we have set up Azure CBA, we are ready to issue smartcards and start our passwordless authentication journey!
Now that we have set up EZCMS and Azure CBA, we can assign your first Taglio smartcard. First, go to the portal and request a PIVKey smartcard. Then, using the EZCMS client with your administrator account, assign the smartcard to yourself.
Now we can issue the smartcard certificate! First, make sure you have downloaded and installed the PIVKey administrator tools on the machine that will be used to create the smartcard. Once the tools are installed, you can request your certificate either by scanning your government ID (premium plan only) or by using an existing AAD identity.
As you can see, the integration of PIVKey is very smooth and takes only a few minutes to set up. If you want help setting it up, we can set up a free deployment call where an engineer from our team will join and get you all set up in less than 30 minutes. But, since smartcards are an older technology, some of the amazing features we have with YubiKeys will be lost.
We understand that one of the hardest parts of moving to smartcard authentication is the printing and distribution of the smartcards; this is why our software has an integrated ticketing system that allows your team to assign and ship smartcards as users request them. However, we understand that you might be too busy for that, or might not want to buy a fancy printer; if that is the case, feel free to schedule a demo and ask us about our managed smartcard distribution service.