Skip to content

Crayonic Credential Manager

Web Application Version (CCM2)

A role-aware web console for Microsoft Entra ID that lets administrators and standard users manage passkeys, and (optionally) legacy-app passwords with the Crayonic Agent.

What’s New in the Current UI

  • Admin dashboard with live Entra stats, connected-device status from the local Agent, recent activity/error feed, and password manager health widgets
  • Unified passkey view that aligns Entra methods, hardware wallet credentials, and CCM’s local database with real-time Agent events
  • Self-service area (My Passkeys, My Requests, Approvals) with multi-approver thresholds, finalize flows, and wallet-based creation where policy allows
  • Admin Settings page covering Graph/SPA/Agent/JWT configuration, self-service policy toggles, and password manager settings
  • Audit log with filtering (actor, action, outcome, date, CCM vs PWM categories) and PDF export
  • Password Manager (preview) pages for Shadow Accounts, Connectors (AD/LDAP/SQL/SAP/custom with health tests), and Legacy App detection rules

Overview

Crayonic Credential Manager is a web based application that enables users according to their roles and Entra permissions to:

  • Create new users in Entra ID with guided UPN generation and temporary password issuance
  • Search directory users (including extended search) and inspect passkeys across Entra ID, connected wallets, and CCM’s credential store
  • Create new passkeys on behalf of users on connected Crayonic Wallets with duplicate detection and domain safety checks
  • Register Crayonic wallets serial numbers for users in CCM and Entra ID
  • Remove passkeys from Entra ID, wallets, and the local store in one flow
  • Offer end-user self-service for passkey requests, approvals, and wallet creation where policy allows
  • Optionally manage shadow accounts, connectors, and legacy app patterns for password manager use cases

This tool is particularly useful for organizations deploying passwordless authentication at scale, as it allows administrators to provision credentials and passkeys without requiring complex end-user intervention. Tool is simple enough to use by non technical users i.e HR department.

Feature Highlights

  • Multi-tenant support: Works with any Entra ID tenant using MSAL Browser (PKCE)
  • Role-aware UI: Admin, authentication admin, and standard users see only relevant pages and controls
  • Passkey alignment: Side-by-side view of Entra methods, wallet credentials, and CCM database entries with live Agent events
  • On-behalf provisioning: Create Entra FIDO2 methods via Agent-backed hardware, with serial-number checks and duplicate warnings
  • Self-service with approvals: Users can request, approve, finalize, and delete their own passkeys; wallet-side creation allowed by policy
  • Device awareness: Wallet/device list with status and capabilities; Agent status surfaced in the header
  • Audit & reporting: Filterable audit log with CCM/PWM categories and PDF export
  • Password Manager (preview): Shadow accounts (bulk import/edit), connectors with health tests, legacy app detection patterns, and dashboard stats
  • Localization: Multi-language labels (EN, DE, FR, NL, PL, CS, SK) with in-app language switcher

Getting Started

Prerequisites

  • Windows 10 (1903 or later) or Windows 11 (MacOS and Linux support coming soon)
  • Installed Crayonic Agent serevice
  • Entra ID tenant
  • Account with appropriate permissions for given use cases (Global Administrator, Authentication Administrator, or Privileged Authentication Administrator)
  • Crayonic Wallet (hardware or virtual) connected to the local Agent
  • Dashboard: Entra stats, connected-device card, recent activity/errors, password manager health widget
  • Users: Directory search, user creation with auto-generated UPN/password, passkey modal comparing Entra/Wallet/DB credentials, on-behalf registration, and deletions
  • Wallets: Live device list and wallet passkeys with delete actions
  • Self-service: My Passkeys, My Requests, and Approvals pages with multi-approver thresholds, finalize flows, and wallet creation (when enabled)
  • Admin Settings: Graph/SPA/Agent/JWT configuration, self-service policies (thresholds, limits, approver roles), and password manager toggles (broker URL, OTP TTL, session length, FIDO2 requirement)
  • Audit: Filterable log with PDF export and CCM/PWM categories
  • Password Manager (preview): Shadow Accounts (CRUD, bulk CSV import) mapping for legacy apps, Connectors (AD/LDAP/SQL/SAP/custom + health checks), Legacy Apps password dialog detection and backend injection of passkey derived passwords (pattern rules, TTL, priority, connector mapping)

Video Tutorial

Watch our comprehensive video tutorial to get started with CCM2:

CCM2 Video Tutorial

This video covers the key features and workflows of the Crayonic Credential Manager, including user creation, passkey management, and administrative tasks.

Documentation

  • Admin Manual: Guide for system administrators responsible for configuring the Crayonic Credential Manager (CCM), managing users, and overseeing system security
  • User Manual: Comprehensive guide for end users on how to using the application
  • Security: Security details of CCM