The EZCMS setting page is your home to manage all things related to your subscription. From types of smart cards/FIDO2 Tokens you offer, to security settings such as pin complexity and card assignment requirements to RBAC for token administrators.
Instance administrators are the equivalent of global administrators of the application, this permission will allow the user to manage any setting of EZCMS as well as give themselves permission to execute any action in the portal.
This is a highly privileged role and should be limited to a handful of people in the organization. We recommend using something like Microsoft PIM Groups to manage these users.
EZCMS supports 3 smart card/FIDO2 assignment choices: Smart card is provided by the organization and specifically assigned to a user (recommended), smart card is registered by the organization but not assigned to the user, or users can buy their own smart card and use it for work (not recommended).
To set the smart card policy for your organization, follow these steps:
If “smart card must be assigned” is selected, a group of smart card administrators will have to be added. These users will be able to assign smart cards/FIDO2 Keys to users in your organization.
EZCMS allows you to set organization wide smart card settings, such as number of smart cards per user, if using a yubikey or a FEITIAN FIDO2 + PIV Key it allows you to set the touch and pin policy, pin retries, pin requirements, and blacklisted pins. To set these settings, follow these steps:
EZCMS allows you to set organization wide smart card/FIDO2 key distribution methods, if you would like to have your team ship the cards to your users EZCMS will give you a portal and ticketing system to ship the Keys world wide. If you would like to have EZCMS ship the cards to your users, we have a key purchase and distribution service allowing you to offload the hardware key distribution to our logistics experts. To set these settings, follow these steps: