Want to learn the best practice for configuring Chromebooks with 802.1X authentication?

Sign up for a Webinar!

API Gateway Solutions for Managed Device Certificate Enrollment

In the past, one of the greatest challenges to implementing digital certificates was getting them onto all your network’s devices. JoinNow makes this a problem of the past, thanks to our powerful certificate enrollment gateway that integrates with all major MDMs, like Workspace One, Jamf, Intune, and MobileIron.

API Gateway Solutions for Managed Device Certificate Enrollment

Seamless Integration with All Major MDMs

At SecureW2, we understand that every organization’s infrastructure is unique, which is why we designed our managed device gateways with vendor neutrality in mind. We integrate seamlessly with every major MDM - check out our integration guides below for more details.

Quote Left Icon
It just works because the user doesn’t have to do anything and IT sets it up once because it is all automated. Everything is set up with the MDM.

FAQs for Managed Device Certificate Enrollment

How is the Intune CA Partner Integration Different from Intune SCEP?

In typical Microsoft Intune SCEP certificate issuance, Intune simply sends a SCEP URL which managed devices access to issue certificates. But if you issue certificates this way, there’s the potential risk of an unauthorized device gaining access to the SCEP URL and requesting its own SCEP certificate template.

With our Intune SCEP certificate issuance platform, we integrate seamlessly with Intune. Before our PKI issues certificates, we can verify the device requesting the certificate exists in Intune. Additionally, our Intune CA partner integration allows us to automatically revoke certificates when a device is retired, wiped, or deleted in Intune. This further automates the client certificate lifecycle, making it simple for administrators to manage each SCEP certificate. It also prevents someone from abusing your Intune SCEP configuration, as it implements a user/device lookup during the Intune SCEP process. The SecureW2 solution enables hassle-free certificate distribution and management with these integrations, freeing IT managers to concentrate on important tasks without sacrificing security.

How Do You Renew and Revoke Certificates with Jamf Pro?

Our integration with Jamf Pro works very similarly to our Intune SCEP integration mentioned above. Thanks to advanced integration options, our certificate authority platform can leverage the smart/static groups you build in Jamf Pro to automatically revoke certificates. Our PKI will check Jamf Pro every several minutes and revoke certificates from devices added to these groups, ensuring your revoked certificates are always up-to-date.

This integration improves network security because resources may only be accessed by authorized users holding valid SCEP certificates. The partnership between SecureW2 and Jamf Pro ensures an effective and safe network authentication process.

Which MDMs can the JoinNow Connector PKI Integrate with?

SecureW2's certificate authority management platform interfaces smoothly with all major MDMs, including Workspace One, Jamf Pro, Intune, and MobileIron, to provide full SCEP certificate management. Our solution allows you to distribute and renew certificates for zero-touch device enrollment using a wide range of API gateways like SCEP, WSTEP, JSON, OpenID Connect, OAuth, and more. 

With Intune and Jamf Pro, our PKI also supports automatic certificate revocation. Integrating our cloud PKI services with your chosen MDM is easy by setting up the platform and instructing devices to enroll in certificates automatically.

Which Other Protocols are Supported Besides Simple Certificate Enrollment Protocol (SCEP)?

For flexible device enrollment, SecureW2 further supports WSTEP, JSON, and OpenID Connect protocols in addition to Simple Certificate Enrollment Protocol (SCEP). Furthermore, our Chromebook extension streamlines certificate enrollment for managed Chromebooks, eliminating user-downloaded software requirements.

Whether integrating with Intune, Jamf Pro, or any other MDM, organizations benefit from diverse enrollment choices adapted to their unique requirements. SecureW2 makes certificate-based authentication simple and accessible by streamlining your ability to issue certificates to all your mobile devices.

What is the Certificate Enrollment Experience Like for End-Users?

When it comes to enrolling for a SCEP certificate for a managed device, the end-user doesn’t need to see or do anything. Most users have no idea their device is using a certificate.

The certificate signing request process is handled entirely on the backend by our cloud PKI service and the MDM. The MDM simply pushes the Wi-Fi profile (if you’re doing secure certificate-based authentication for Wi-Fi) and the SCEP profile to the device, which then accesses the URL to complete the certificate signing request with the certificate file.

This makes it simple to issue certificates to every endpoint on your network. Without needing to rely on users to complete certificate requests, you don’t need to worry about the potential for misconfiguration.

Can Your APIs Be Used with Our Existing Public Key Infrastructure?

Yes, if you have a third-party CA or a pre-existing PKI such as Active Directory Certificate Services (AD CS), we can integrate with it. That means you can use our certificate authority management platform to help issue certificates and otherwise manage the certificate lifecycle for your external CA.

However, there are many reasons to consider our cloud PKI over other alternatives. One reason is that our vendor-neutral solution offers an industry-best number of integrations with Identity Providers and Device Management infrastructure. We also offer customizable certificate templates, for example, which can be encoded with information from your MDMs or your cloud Identity Providers (IDPs). We further enable Jamf Pro and Intune SCEP environments with our advanced integration that allows you to automatically revoke certificates and also secure all certificate signing requests by ensuring the devices exist in Jamf Pro or Intune.

Why Can’t We Just Use Microsoft Cloud PKI or Active Directory Certificate Services?

Choosing SecureW2's managed PKI has several benefits over AD CS and Microsoft Cloud PKI. Although it works well in Microsoft settings like Azure and Intune, Microsoft Cloud PKI does not integrate with multiple IDPs/MDMs like Okta and Jamf Pro, an essential feature for various infrastructures. On the other hand, our platform easily interacts with other IDPs and MDMs, guaranteeing interoperability everywhere. In addition, we offer an easy-to-use RADIUS service for certificate-based authentication, which simplifies implementation compared to Microsoft NPS.

Meanwhile, AD CS has cost and scalability issues because it depends on on-premise infrastructure. SecureW2 offers a simplified approach with easy interfaces, while AD CS requires more time and experience to configure and set up.

SecureW2's managed PKI provides organizations full certificate authority services, including Intune SCEP certificate issuance, without platform reliance or on-premise infrastructure constraints. Our solution is flexible and effective, providing enterprises with strong certificate management systems customized to meet their requirements.