JoinNow 8.1: SentinelOne, Jamf School, ACME Domain Validation, and More!

Adaptive Defense: Improved Identity & Device Risk Signals

JoinNow Platform 8.1 is now available and significantly strengthens how identity, device, and risk signals govern certificate issuance and access decisions. The update introduces support for SentinelOne, Entra ID Protection, and Jamf School telemetry, joining a growing ecosystem of real-time intelligence sources including CrowdStrike, Palo Alto Networks, and Microsoft Defender.

This blog covers all the updates in detail, but below is a summary of the biggest enhancements:

  • SentinelOne Integration: Combine S1 security signals with identity and device platforms to drive certificate suspension, revocation, reactivation, and notification, as well as to control network access.
  • Entra ID Protection Signals: Use security signals from Entra ID, enabling the use of risk-based attributes for both Certificate Enrollment and RADIUS Authentication policies.
  • Jamf School API Support: Now an officially supported SCEP integration combined with an API lookup to improve issuance and management security.
  • ACME Server Domain Validation: ACME certificate enrollment now supports HTTP/Domain validation. This feature validates domain ownership to prevent unauthorized server certificate enrollment, supplementing the existing External Account Binding (EAB) capability.

When we asked Bert (Co-founder/CEO) about the release, he said:

“It’s not enough to know what’s connecting. Security teams want the greatest certainty possible that every user and device with access to networks, applications, and workloads meets their trust standards and continues to meet them over time. This release expands our real-time intelligence signal sources, which inform dynamic trust profiles used to govern certificate issuance and drive Adaptive Defense for continuous enforcement as conditions change.”

Now that we’ve set the scene a bit, let’s take a look at some of the core enhancements in more detail!

Support for SentinelOne Security Signals

SecureW2 now directly ingests risk signals from SentinelOne’s device telemetry.

This new integration allows you to combine S1 security signals with identity and device platforms to drive certificate suspension, revocation, reactivation, and notification, as well as to control network access.

  • The platform supports up to 76 attributes, with 10 used by default to calculate a device’s risk score.
  • Risk scores are categorized as Low, Medium, High, or Critical.
    • Indicators like malware, credential theft, privilege escalation, and zero-day activity adjust a device’s trust profile in real time.

This real-time risk score can be used during Certificate Enrollment and RADIUS Authentication flows to block, delay, or issue certificates based on policy, or dynamically authorize network access.

Jamf School Integration

We previously integrated with Jamf School, but only through Generic SCEP. Now, we have an official SCEP integration combined with an API lookup to improve issuance and management security.

  • A new, official Jamf School integration is available. It combines SCEP with an API lookup, greatly improving certificate issuance and management security.
  • Real-time lookups validate device posture using attributes like isManaged and isSupervised.

Use Security Signals from Entra ID Protection

User risk scores from Entra ID Protection can now directly drive certificate enrollment and network authentication policies.

  • Entra User Risk is a measure of how likely it is that a user account has been compromised or is being misused by an attacker or insider.
  • These scores reflect behavior anomalies, phishing exposure, and compliance gaps.
  • Organizations can respond to an elevated user risk score (Low, Medium, High, Critical) with certificate-level controls.

ACME for Server Certs: Support for Domain Validation

The JoinNow 8.1 release also includes enhanced ACME protocol support with a dual-verification requirement that combines organizational identity with domain control.

  • Organizational Trust (External Account Binding – EAB): Verifies the request comes from an ACME client associated with a trusted, pre-authorized external account, restricting access to the CA.
  • Domain Trust (Domain Validation – DV): Verifies the ACME client has active control over the requested domain name, preventing fraudulent certificate issuance.

This added rigor ensures certificates are issued only when both conditions are validated. The process is powered by a real-time intelligence engine that analyzes security signals before issuance and continuously monitors trust throughout the certificate lifecycle.
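
What the two checks amount to under the ACME specification (RFC 8555), as an added example that is not SecureW2's code: the External Account Binding is an HS256 JWS over the ACME account key, and HTTP validation compares the body served on the domain with the token plus the account key thumbprint. The URL, key id, MAC key, JWK coordinates and token are constructed sample values, and `may_issue` is a hypothetical helper name.

```python
import base64, hashlib, hmac, json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def thumbprint(jwk: dict) -> str:
    # RFC 7638: SHA-256 over the required EC members, sorted, no whitespace.
    required = {k: jwk[k] for k in ("crv", "kty", "x", "y")}
    canon = json.dumps(required, sort_keys=True, separators=(",", ":"))
    return b64u(hashlib.sha256(canon.encode()).digest())

def sign_eab(kid, mac_key, account_jwk, url):
    # Client side: HS256 JWS whose payload is the ACME account public key.
    protected = b64u(json.dumps({"alg": "HS256", "kid": kid, "url": url}).encode())
    payload = b64u(json.dumps(account_jwk).encode())
    sig = hmac.new(mac_key, f"{protected}.{payload}".encode(), hashlib.sha256)
    return {"protected": protected, "payload": payload, "signature": b64u(sig.digest())}

def verify_eab(eab, account_jwk, mac_keys, url):
    # Organizational trust: the binding must be MACed with a pre-issued key.
    header = json.loads(b64u_dec(eab["protected"]))
    mac_key = mac_keys.get(header.get("kid"))
    if header.get("alg") != "HS256" or header.get("url") != url or mac_key is None:
        return False
    if json.loads(b64u_dec(eab["payload"])) != account_jwk:
        return False  # binding was made for a different account key
    signed = f'{eab["protected"]}.{eab["payload"]}'.encode()
    expected = hmac.new(mac_key, signed, hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64u_dec(eab["signature"]))

def verify_http01(token, account_jwk, served_body):
    # Domain trust: body fetched from /.well-known/acme-challenge/<token>.
    expected = f"{token}.{thumbprint(account_jwk)}"
    return hmac.compare_digest(expected.encode(), served_body.rstrip().encode())

def may_issue(eab, account_jwk, mac_keys, url, token, served_body):
    # Issue only when both the account binding and the domain proof hold.
    return (verify_eab(eab, account_jwk, mac_keys, url)
            and verify_http01(token, account_jwk, served_body))

# Constructed sample values (not real keys or endpoints).
URL = "https://ca.example/acme/new-account"
JWK = {"kty": "EC", "crv": "P-256", "x": "c2FtcGxlLXg", "y": "c2FtcGxlLXk"}
MAC_KEYS = {"kid-1": b"constructed-eab-mac-key"}
EAB = sign_eab("kid-1", MAC_KEYS["kid-1"], JWK, URL)
TOKEN = "constructed-token"
```

A request whose binding was MACed with an unknown key, or whose domain serves a key authorization for a different account key, fails one of the two checks and gets no certificate.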

Continued User Experience Improvements

In addition to these core features, JoinNow Platform 8.1 includes several updates to improve user experience and platform organization:

  • The following have moved from the IDP section to the Device Management section:
    • Google SCEP
    • Google Verified Access
    • Intune CA Partner
  • Device Management platforms are now categorized into:
    • Standard: Generic protocols such as SCEP, ACME, and REST APIs can be found here.
    • Advanced: Vendor-specific integrations such as Intune CA Partner and Jamf Dynamic SCEP can be found here.
  • A few areas of configuration have been renamed for consistency, and to better match industry standards:
    • Azure → Entra ID
    • Jamf → Jamf Pro (to differentiate from the newly added Jamf School integration)
    • Account Lookup → Security Signals Sources
    • Lookup Details → Security Signals Details

That concludes the key product updates from JoinNow Platform 8.1. We believe 8.1 continues to cement SecureW2’s position as the leader in passwordless security, providing the foundation for modern device trust and adaptive enforcement that scales across any environment.

To explore how these new integrations can modernize your authentication and reduce your attack surface, contact us today!