Cloud PKI SaaS Designed for Google Workspace
Extend your Google Workspace policies to the rest of your network and go passwordless with our simple, managed Public Key Infrastructure. Reduce the risk of phishing attacks, multi-factor authentication (MFA) fatigue, and more. Enhance network segmentation, improve your Wi-Fi security, and improve the end-user login experience at the same time by leveraging digital certificates.
Everything You Need for Passwordless Authentication that Seamlessly Integrates with Your Infrastructure
Our vendor-agnostic platform has a decade of integration with all major infrastructure providers, and is the only solution that can automate the certificate lifecycle for Google-managed Chromebooks. The platform was built with a Cloud RADIUS server for turnkey certificate-based network authentication.
Use Information from Google to Extend the Security of Certificates to Your Network
A digital certificate delivers so much more identity context to each connection and can be used for various purposes. In one convenient centralized location, our managed Google cloud PKI solution allows you to create certificates for:
A Complete Certificate Management Platform for Google
Our Certificate Lifecycle Management solution was designed as an extension of your Google cloud environment, automating the certificate lifecycle based on real-time data from your Cloud Identity. Now you can create as many certificate authorities and intermediate certificate authorities as you need, using all your Google policies to automate certificate management.
Outline:
- Search for Google users & devices and easily view all their certificate lifecycles and authentication events in one place for easy troubleshooting and management
- Simple and secure, backed by an HSM (Hardware Security Module)
- Integrate with ease to nearly every device management system, Identity Provider, or with BYODs/unmanaged devices
- Automate certificate enrollment and revocation to all your managed devices through our API
- Total cost of ownership (TCO) is less than a third of a comparable on-premises Active Directory Certificate Services (AD CS) solution.
Zero-Touch Configuration for Your Managed Devices & Chromebooks
Historically, one of the greatest challenges of certificate management has been distributing certificates to all your enterprise’s managed endpoints. That’s no longer the case, thanks to our PKI as a service platform. Our managed device gateway APIs can configure the managed devices on your network for certificate-based authentication with no end-user input.
- Automatically configure and enroll managed company-owned devices through our managed device gateway APIs.
- Industry-first Chromebook extension that configures and enrolls Chromebooks for certificates.
- Connect devices to networks and provide reporting, device analytics, and remote troubleshooting data.
- Push configuration profiles to IoTs, ensuring all devices are using secure certificate-based authentication.
Empower End Users to Configure Their BYODs in Minutes
SecureW2’s PKI as a service also provides onboarding technology for BYODs. Potential misconfiguration can be a huge window for human error – and a liability for your network security. Our JoinNow MultiOS onboarding application takes human error out of the equation by configuring unmanaged devices for your users.
- Automatic device 802.1X configuration software compatible with every OS, including a guided user flow where necessary.
- Configure for device or user certificates.
- Enables easy configuration for server certificate validation.
- From start to finish, configuration takes only a minute or two.
- Support for iOS, Windows, macOS, Android, ChromeOS, Linux, and Kindle.
Public Key Infrastructure for Google FAQs
What are the benefits of a cloud Public Key Infrastructure for my organization?
The ultimate benefit of a private PKI is passwordless, certificate-based authentication. It’s no secret that passwords are a vulnerability, with organizations like Microsoft recommending that you move away from credentials-based PEAP-MSCHAPv2 to passwordless protocols like EAP-TLS. Certificate-based authentication can be used to secure a range of resources, including your wired & wireless network, VPN, applications, desktop logins, and much more.
Additionally, there are benefits for your end-users. With digital certificates, employees no longer have to deal with frustrating password reset policies and disconnects due to password changes.
Why Can’t We Just Use Google CA Service Instead of a Managed PKI?
For organizations relying heavily on Google in their environments, Google’s Certificate Authority Service seems like an obvious choice for deploying certificate-based authentication. However, certificate authorities can be challenging to set up and configure properly. What’s more, certificate-based authentication should be backed by an authentication server such as a RADIUS server for the utmost security.
SecureW2 provides everything organizations need to implement certificate-driven security. Aside from the knowledgeable support team you can rely on for smooth deployment, we provide a powerful Cloud RADIUS server designed for passwordless authentication. Get everything you need in one spot to deploy certificates, including the expertise.
Can We Just Build Our Own Private PKI for Google instead of Using a Managed PKI?
Many organizations see the benefits of going passwordless but think that they can reduce the cost of doing so by building their own Public Key Infrastructure. Unfortunately, this often ends up being a costlier venture in terms of finances and time spent. Building a private PKI requires expertise, space for the servers, and regular maintenance. Additionally, certificate lifecycle management - from issuance to renewal to building a certificate revocation list - is time-consuming.
Cloud-based and managed solutions like our JoinNow Connector PKI can save you the resources you would otherwise spend on building and maintaining your own. What’s more, since our PKI infrastructure is cloud-based, your administrators can access it from anywhere without having to replicate it at every office location and it integrates seamlessly with cloud infrastructure like Okta.
Can Your PKI Issue Certificates to Chromebooks?
Yes. In fact, our PKI service is the industry’s first solution to provide a unique Chromebook extension for this exact purpose.
Because managed Chromebooks are unable to download applications easily, we’ve developed an extension instead. End users can simply download and run the extension on their Chromebooks to configure their devices and enroll for certificates.
How Does Your PKI SaaS Issue Certificates to Managed Devices?
For devices that aren’t managed Chromebooks, we have gateway APIs that can integrate with all major MDMs, including Google Workspace. Certificates are then issued through these gateways using the Simple Certificate Enrollment Protocol (SCEP).
From the end-user’s perspective, there’s nothing they need to do. The enrollment process is completely automated, requiring no user input.
With Jamf and Intune, we even offer an advanced integration feature called auto-revocation. Every several minutes, our PKI service will check your MDM’s smart and static groups. Devices added to these groups will have their certificates revoked automatically.
How Does Your PKI SaaS Issue Certificates to Unmanaged Devices & BYODs?
For unmanaged devices and BYODs, our cloud service offers JoinNow MultiOS, which is a dissolvable self-service onboarding application. From start to finish, it only takes seconds to configure devices and enroll users for certificates.
Users start by navigating to the customizable onboarding page and entering their Google cloud credentials (or their credentials from your SAML Identity Provider). SecureW2 then confirms in your Google cloud that the user is authorized for a certificate through SAML authentication.
As long as the user is authorized, MultiOS then runs, configuring their device with the proper Wi-Fi profiles and enrolling them for a certificate.
Does Your PKI Platform Provide Public or Private Certificate Authorities?
Our PKI allows you to create a private certificate authority only. However, you can create as many private certificate authorities as you need. Our customers commonly build a different certificate authority for different groups of people to enable role-based access control, such as having a separate certificate authority for their HR and DevOps teams. This makes managing certificates for different roles organized and efficient.
Can you export the certificates’ private keys and use them to authenticate another device?
Public key cryptography requires the use of both public and private keys. While the public key can be sent freely, the private key must be stored securely, and we take key storage seriously as a result. The best way to guarantee your private key won’t be removed from your device is to ensure it is stored in the proper key stores and enclaves and set to non-exportable. To increase security further, we recommend that keys are stored in a device’s Trusted Platform Module (TPM) instead of storing the keys in software.
Schedule a Demo
Sign up for a quick demonstration and see how SecureW2 can make your organization simpler, faster, and more secure.
Pricing Information
Our solutions scale to fit you. We have affordable options for organizations of any size. Click here to see our pricing.