
Auto-Enrolling Certificates in Jamf

Jamf customers experience a number of benefits by centralizing their device and authentication system under one roof. But Jamf doesn’t have the capability to handle the entire authentication process. An effective compromise is to combine Jamf with third-party solutions to provide a positive user experience and top-notch authentication security.

Combining Jamf and an External CA

Traditionally, certificate-based organizations utilizing Jamf would use Jamf’s built-in CA to distribute certificates to end users. This was a logical system to implement and allowed for efficient distribution of certificates to users so they could quickly gain secure network access.


Most Jamf Admins prefer using an External CA to implement certificate-based authentication because it’s much more secure than passwords. Simply put, using an External Certificate Authority allows organizations to leverage their own Public Key Infrastructure (PKI). This makes certificate issuance and management much more efficient, as Jamf lacks many of the features that true PKIs offer.

Jamf and SecureW2

SecureW2 is able to integrate with network infrastructure and devices from every major vendor. We easily combine the streamlined device management of Jamf with certificate enrollment software and a turnkey PKI solution for a top-of-the-line certificate experience.

Efficient Certificate Provisioning

By choosing to use SecureW2 as your External CA in Jamf, you get access to the industry’s #1 rated Certificate Issuance Platform. Instead of manually enrolling each Jamf-managed device for an X.509 Digital Certificate, you can leverage the Simple Certificate Enrollment Protocol (SCEP) with SecureW2’s PKI. Once your Jamf Payload is configured, it can be distributed to devices with no end user interaction.

By investing in a foundational security infrastructure like SecureW2’s PKI, you also make it incredibly simple for BYOD devices to enroll for certificates. The SecureW2 JoinNow onboarding solution allows users to configure devices for certificate-based authentication in minutes. While the manual process requires high-level IT knowledge to follow and hours of maintenance, JoinNow involves only a few clicks and ends with a certificate ready for authentication. JoinNow is so advanced, it can even enroll YubiKeys for certificates and attest to the Private Key generation location, enabling high-assurance access security policies.

The process for end users is fast, and on the admin side, it’s easy to configure and manage over time. Network admins can view authentication events and remotely troubleshoot any issues you may face.

Automating Certificate Revocation

Jamf + SecureW2 Solution

Provisioning certificates isn’t the only step in the certificate lifecycle that SecureW2 makes easy. Now, it’s simple to revoke certificates, too – no more hours spent manually revoking dozens, hundreds, or even thousands of certificates.

JoinNow Connector PKI’s Jamf auto-revocation feature is the key. Administrators can configure the PKI to periodically check smart/static groups in Jamf, which occurs every several minutes. Certificates found in those groups will automatically be revoked.

The end result is up-to-date network access control and peace of mind. Whenever a change happens in your organization, such as someone leaving the company, you can simply add them to the group in Jamf and let our PKI handle the rest.

Stronger Network Security

It’s common knowledge that credentials do not stand up when compared to certificates, but just having certificates isn’t the final step. They must be supported by processes and tools that maximize this dynamic technology.

SecureW2’s certificate solutions ensure that once a user is equipped with their certificate, it cannot be stolen or given away. Only approved network users can be identified in the IDP, and you can ensure no outside actor can gain a certificate. Certificates can also be configured to authenticate and secure a wide range of processes, such as VPN and email security.

Network management is one of the most important duties of an IT department, so equipping them with the best tools to complete that task is vital. By streamlining the configuration and authentication processes, IT won’t be distracted by support tickets or authentication problems.

Combining SecureW2 and Jamf results in a secure and efficient network that relies on modern authentication methods. Check out our pricing page to see if SecureW2’s certificate solutions can support your Jamf network.


Eytan Raphaely

Eytan Raphaely is a digital marketing professional with a true passion for writing things that he thinks are really funny, that other people think are mildly funny. Eytan is a graduate of University of Washington where he studied digital marketing. Eytan has diverse writing experience, including studios and marketing consulting companies, digital comedy media companies, and more.
