Register Domain

Prerequisites

  1. Create EZCA CA or Create ADCS CA

Introduction

Once your organization-wide settings are set, you can register a new domain or manage your existing domains. This document covers how to register a new domain, set the domain requirements, and connect a CA.

Creating a New Domain

  1. Navigate to your EZSmartCard instance and select “Domain Settings”.

    You must be an administrator for this option to appear.

  2. Enter your domain ID (Azure Tenant ID).
  3. Enter the domain name.

    The domain name is all the text after the @. For example, for jake@keytos.io the domain name is keytos.io.

  4. Set your clearance requirements for this tenant.

    Clearances are set by you in the HR database. They can range from certain background checks to actual government clearances. Anyone who doesn’t meet the clearance requirements will not be able to see the domain.

  5. The “Allowed Credentials” section lets you select which credential types are allowed to create a smart card for this domain. Depending on your plan, you will have some of the following options:
    1. Government ID and Face Recognition: The user scans their face and a government ID. EZSmartCard uses AI to validate the ID and to confirm that it matches the user.
    2. Multi-factor Authentication: The user can use their existing domain credentials to create a smart card for this domain. (This option should be enabled for renewals and can also be leveraged by existing domains that are moving to passwordless authentication.)
    3. Other Domain Multi-factor Authentication: If, like Keytos, your organization uses Identity Isolation to protect its environments, you can allow the user’s identity from your other domains to create a smart card for this domain.
    4. IT Desk Smart Card Creation: For highly regulated industries, physical presence and verification are required to create the smart card. This option enables your IT desk to create the smart card on behalf of the user.
  6. For multi-tenant organizations, the aliases of a secondary domain might not match the aliases of the main domain. To solve this issue, EZSmartCard supports user mapping. To enable it, select the “Use custom UPNs for this domain” option.
  7. Select the cryptographic key type required for this domain.

Connecting Your CA

EZSmartCard supports connecting EZCA (an Azure-based PKI) and Windows ADCS CAs for certificate creation.

Connecting EZCA CA

  1. Enter https://portal.ezca.io as the agent URL.
  2. Open EZCA in another tab.
  3. Navigate to Certificate Authorities.
  4. Click “View Requirements” on your SmartCard CA.
  5. Copy your CAID.
  6. Go back to your EZSmartCard tab.
  7. Paste the CAID in the CA Details CAID field.
  8. Click “Test Connection”.
  9. If the connection is successful, add the CA.
  10. Repeat these steps for all your CAs.
  11. Save the domain by clicking “Register Domain” at the top.

Connecting ADCS CA

  1. Enter your public-facing agent URL.
  2. Enter the CA name with the format fqdn\CA Name.
  3. Enter the template name of the smart card template you created.
  4. Click “Test Connection”.
  5. If the connection is successful, add the CA.
  6. Repeat these steps for all your CAs.
  7. Save the domain by clicking “Register Domain” at the top.
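
A pre-flight check for the values this page asks you to enter (domain ID, domain name, agent URL, and the ADCS fqdn\CA Name string), useful for catching malformed entries before clicking “Test Connection”. This is an added example, not part of EZSmartCard or its documentation; the function names are hypothetical, and requiring HTTPS with a fully qualified host for the agent URL is an assumption.

```python
import re
import uuid
from urllib.parse import urlsplit

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_fqdn(name):
    """True for a dotted host name with at least two valid labels."""
    labels = name.split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(_LABEL.fullmatch(l) for l in labels)


def domain_from_upn(upn):
    """Domain name is the text after the @ (jake@keytos.io -> keytos.io)."""
    local, sep, domain = upn.strip().rpartition("@")
    if not (sep and local and is_fqdn(domain)):
        raise ValueError(f"not a UPN: {upn!r}")
    return domain.lower()


def validate_domain_form(domain_id, domain_name, agent_url, adcs_ca=None):
    """Return a list of problems; an empty list means the fields are well formed."""
    problems = []
    # Domain ID is the Azure Tenant ID, a GUID in 8-4-4-4-12 form.
    try:
        if str(uuid.UUID(domain_id)) != domain_id.lower():
            raise ValueError(domain_id)
    except ValueError:
        problems.append("domain ID is not a GUID")
    if not is_fqdn(domain_name):
        problems.append("domain name must be only the text after the @")
    # Assumption: the agent URL must be HTTPS with a fully qualified host.
    try:
        url = urlsplit(agent_url)
        url_ok = url.scheme == "https" and is_fqdn(url.hostname or "")
    except ValueError:
        url_ok = False
    if not url_ok:
        problems.append("agent URL is not an https:// URL with an FQDN host")
    if adcs_ca is not None:
        # ADCS CA name format from the page: fqdn\CA Name
        host, sep, ca_name = adcs_ca.partition("\\")
        if not (sep and is_fqdn(host) and ca_name.strip() and "\\" not in ca_name):
            problems.append("ADCS CA must be in the form fqdn\\CA Name")
    return problems
```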