Create Your Identity

Introduction

This page will guide you on how to create your passwordless identity, your organization might require you to have a hardware token if you have not requested a hardware token, please request one.

System Requirements

Currently EZSmartCard is only supported on Windows 10+ and MacOS 12+

Different Onboarding Options

Depending on your organization’s settings, you might have the following identity bootstrapping options:

  1. Government ID Scan.
  2. Same Domain or Whitelisted Domain Authentication
  3. Preloaded Identity with Unblock Pin

Hardware Key Onboarding

The following instructions will guide you on how to onboard your hardware key for passwordless authentication. based on your organization settings, this onboarding might create a FIDO2 key or a SmartCard or both. While this won’t really affect your user experience, you can learn more about the different authentication methods in this webinar.

Government ID Scan

Video Version

Text Version

  1. Open the EZSmartCard Tool.
  2. Navigate to “Request Certificate”.
  3. Select “Government ID Validation”.
  4. Enter your email.
  5. Scan the QR code with your phone.
  6. Follow the instructions on scanning your face and your Government ID.
  7. Once you finish your ID Validation on the phone, click the “Finished Phone Validation” Button. Finished Phone Validation
  8. EZSmartCard will Validate your information (this might take a few minutes).
  9. Select the account you want to create an identity for. Select Domain
  10. If is the first time you use this SmartCard, create a new 6-8 characters pin (this pin will be required each time you use your SmartCard).
  11. If you have already used this SmartCard before, enter your pin.
  12. Click “Request Certificate” Request Certificate
  13. If using a Yubikey, the Yubikey might start flashing fast when creating the key and then slowly indicting that it requires a physical touch, when that happens touch the Yubikey on the copper part. This step can occur up to 4 times during key creation.
  14. Your certificate is now ready to be used

Same Domain or Whitelisted Domain Authentication

Video Version

Text Version

  1. Open the EZSmartCard Tool.
  2. Login.
  3. Navigate to “Request Certificate”.
  4. Select “Existing User Account”.
  5. Select the account you want to create an identity for. Select Domain
  6. If is the first time you use this SmartCard, create a new 6-8 characters pin (this pin will be required each time you use your SmartCard).
  7. If you have already used this SmartCard before, enter your pin.
  8. Click “Request Certificate” Request Certificate
  9. If using a Yubikey, the Yubikey might start flashing fast when creating the key and then slowly indicting that it requires a physical touch, when that happens touch the Yubikey on the copper part. This step can occur up to 4 times during key creation.
  10. Your certificate is now ready to be used.

Preloaded Identity with Unblock Pin

Some organizations prefer having the IT Help Desk create the smart card certificate for their user and have the user unblock the smart card. If this is the case for your SmartCard, EZSmartCard will send you an email with your unblocking code, and a link to these instructions. To Unblock the SmartCard Follow the following Steps:

  1. Open the EZSmartCard Tool.
  2. Navigate to “Unblock SmartCard”
  3. Enter your Unblock Pin.
  4. Create a new 6-8 characters pin (this pin will be required each time you use your SmartCard).
  5. Click “Unblock SmartCard”

Phone Onboarding

Your organization might have also set up passwordless authentication with phone authentication with the Microsoft authenticator app. Based on your organization setting, you might be able to create this identity either by verifying your identity with a government ID, or with an existing Azure AD account.

Government ID

  1. Open the EZSmartCard Tool.
  2. Navigate to “Request Certificate”.
  3. Select “Government ID Validation”.
  4. Enter your email.
  5. Scan the QR code with your phone.
  6. Follow the instructions on scanning your face and your Government ID.
  7. Once you finish your ID Validation on the phone, click the “Finished Phone Validation” Button. Finished Phone Validation
  8. EZSmartCard will Validate your information (this might take a few minutes).
  9. Select the account you want to create an identity for. Select Domain
  10. Click the “Start Phone Enrollment” button. Start Microsoft Authenticator Phone Enrollment
  11. If you do not have the Microsoft Authenticator app, use the QR code to download it on your phone, and click next. Download Microsoft Authenticator Phone App
  12. Now it will show your enrollment QR code, open the Microsoft Authenticator App, click add work or school account and Scan that QR code. Scan the Enrollment QR Code for Microsoft Authenticator App
  13. Once you have scanned the QR Code Click Next Finish QR Code Phone Enrollment
  14. This will send a test authentication request to your phone, Open your Authenticator app and click approve. Approve request in Microsoft Authenticator App
  15. Once you have approved the request, click the “I have approved the request” button. Approve request in Microsoft Authenticator App
  16. The last step for setting up phone passwordless authentication, is enabling it on the Microsoft Authenticator App.
    1. Open the authenticator app.
    2. Select the account you just enrolled.
    3. Click Continue,
    4. Get the TAP shown in the EZSmartCard Application. Get TAP from EZSmartCard
    5. Enter the TAP shown in the EZSmartCard Application in your authenticator app. Get TAP from EZSmartCard
    6. Wait a few seconds while the phone gets registered. (Screen might reload a few times)
    7. Click Finish. Scan the Enrollment QR Code for Microsoft Authenticator App

Azure AD Authentication

  1. Open the EZSmartCard Tool.
  2. Login.
  3. Navigate to “Request Certificate”.
  4. Select “Existing User Account”.
  5. Select the account you want to create an identity for. Select Domain
  6. Click the “Start Phone Enrollment” button. Start Microsoft Authenticator Phone Enrollment
  7. If you do not have the Microsoft Authenticator app, use the QR code to download it on your phone, and click next. Download Microsoft Authenticator Phone App
  8. Now it will show your enrollment QR code, open the Microsoft Authenticator App, click add work or school account and Scan that QR code. Scan the Enrollment QR Code for Microsoft Authenticator App
  9. Once you have scanned the QR Code Click Next Finish QR Code Phone Enrollment
  10. This will send a test authentication request to your phone, Open your Authenticator app and click approve. Approve request in Microsoft Authenticator App
  11. Once you have approved the request, click the “I have approved the request” button. Approve request in Microsoft Authenticator App
  12. The last step for setting up phone passwordless authentication, is enabling it on the Microsoft Authenticator App.
    1. Open the authenticator app.
    2. Select the account you just enrolled.
    3. Click Continue,
    4. Get the TAP shown in the EZSmartCard Application. Get TAP from EZSmartCard
    5. Enter the TAP shown in the EZSmartCard Application in your authenticator app. Get TAP from EZSmartCard
    6. Wait a few seconds while the phone gets registered. (Screen might reload a few times)
    7. Click Finish. Scan the Enrollment QR Code for Microsoft Authenticator App