How to Self-Enroll Yubikeys and FIDO2 Keys for Entra CBA Using Verifiable Credentials

Introduction - How to Self-Enroll Smartcards and FIDO2 Keys for Entra CBA Using Government ID EZCMS

If you are creating your phishing resistant identity for the first time or you are locked out of your Entra ID (Microsoft 365) credential, depending on the settings of your organization you might be able to onboard your FIDO2 or Entra CBA token using a government ID. This requires you to have your hardware key or smartcard, if you do not have one request one.

How To Onboard Phishing Resistant FIDO2 and Entra CBA with Government ID Verification

1. Open the EZCMS Tool.
2. Navigate to “Request Identity”.
3. Select “SSO Login” and click Next.
4. Enter your corporate email and click “Next”.
5. Scan the QR code with your phone.
6. Follow the instructions on scanning your face and your Government ID.
7. Once you finish your ID Validation on the phone, click the “Next” Button.
8. Connect the hardware key or smartcard to your computer.
9. Select the domain and account you want to create an identity for.
10. Select the Hardware key you want to use.
11. Enter your PIN (If this is the first time it will ask you to confirm your PIN).
12. Click “Next”
13. Follow the instructions on the screen (If it freezes, it might be waiting for input on your YubiKey, look at the YubiKey to see if it is flashing slowly, if it is, press the copper part).
14. Your Key is now read to use!