How To Manage Users in EZCMS


EZCMS manages the status of the users in your organizations based on our “HR Database” this is integrated into EZCMS and can be managed by your HR department or by your IT department. Below you can see the three options for managing users in EZCMS: manually adding and removing users, using the Keytos automatic user lifecycle, or using the EZCMS API.

Verifying HR Administrator Access

To be able to see or manage the HR database you must be an HR Administrator. To verify this follow the steps below:

If you are not using the Keytos automatic user lifecycle, the accounts that will manage the users must be set as HR Administrators. We recommend creating an AAD group with the HR administrators and adding that group to the HR Administrators section.

  1. Navigate to your EZCMS instance and select “Settings”

    You must be an administrator for this option to appear.

  2. Scroll down to “HR Administrators” ensure your account is listed. HR Administrators

Adding a User In The Portal

  1. Navigate to your EZCMS instance and select “HR Information” HR User Management
  2. Enter the the information of the user. If you are testing for yourself set the manager email to your own account since the manage must approve any hardware requests.
  3. Enter the clearances for the user (This is used for multiple domains, in the government use case this is used for the security clearance of the user, however, different organizations might have different user classifications such as “Engineer” or “Sales” that gives them different access or permissions.)
  4. Enter the cost center, this is used for internal billing purposes for organizations that charge the hardware tokens back to departments.
  5. Select the Active Checkbox to enable the user. HR User Management

Automatic User Lifecycle

EZCMS allows you to automate the user lifecycle using your home AAD tenant. This allows you to automatically onboard and offboard users based on either your full AAD tenant or an AAD group you have selected. To enable this follow the steps below:

  1. Navigate to your EZCMS instance and select “Settings”
  2. Under HR Connection enable the “Automatically Lifecycle Users From AAD” checkbox. Automate User Yubikey onboarding with EZCMS Automatic AAD lifecycle
  3. Enter your Source tenant ID (This is the tenant ID that you want to based your user lifecycle from, we recommend using your corporate tenant for this)
  4. If you want to add all your tenant users to EZCMS select the “Import All AAD Users” checkbox. Manage your passwordless authentication tokens for all Entra ID users
  5. If you want to only add users from a specific group uncheck the “Import All AAD Users” checkbox and enter the group ID.

    You can find your group’s ID by going into selecting Azure Active Directory, selecting Groups, and selecting the group you want to use. How to find Azure AD Group ID

    Manage your passwordless authentication tokens for a specific AAD group
  6. After you have selected your Lifecycle method click “save changes” at the top of the page. Save changes for automatic user lifecycle

Adding a User Using the API

Since each organization has different onboarding processes, we have made it easy to integrate EZCMS to your existing automation. You can use our NuGet package to quickly create your own lifecycle management. To help you get started, we have created a sample console application that can read user information from Azure AD and add it to the EZCMS HR system.