Managed Cloud PKI as a Service

Move past the frustration of password resets and vulnerabilities with our intuitive, easy-to-use PKI management tools. Our Managed cloud-based PKI as a service provides the foundation for secure and passwordless Wi-Fi, VPN, Single-Sign On, and much more.

The Security of Certificates, Made Easy

Certificates deliver so much more identity context to each connection, and can be used for a variety of purposes. In one convenient centralized location, our managed cloud PKI solution allows you to create certificates for:

Simple PKI Certificate Management for Every Enterprise

Many organizations have given up on passwordless authentication because building an on-premise PKI is difficult. But with our managed PKI solution, enterprises of every size can leverage the security of digital certificates with modern automation technology that ensures every step of the certificate lifecycle is manageable. Enjoy the best of both worlds: simplicity and security

		Build Your Own PKI
Upfront Infrastructure Cost	$0	$65,216*
Upfront Software Cost	$0	$141,383*
Time for Configuration	2-4 hours with white glove implentation	Hundreds of hours to set up securely**
Level of Maintenance required	None	High maintenance with regular manual patches and updates
AI & Monitoring	Monitoring & AI-driven anomaly detection	Set your own alarms
Training Required	None	Years
Support	Team of experts with experienced implementing PKIs for hundreds of organizations	Limited to your team’s experience

*Costs are in USD, and are based on building an on-premise PKI with Microsoft Active Directory Certificate Services (AD CS).

**This requirement is based on research conducted by Specter Ops.

Cloud PKI as a Service that Seamlessly Fits your Environment

In the past, PKIs have been challenging to set up, but the good news is that’s just the past. Our PKI as a service solution brings the best of modern certificate management tools to your cloud environment, automating certificate enrollment and revocation based on real-time data from your Cloud Identity.

Search for users/devices and easily view all their certificate lifecycles and authentication events in one place for easy troubleshooting and management
Simple and secure, backed by HSM (Hardware Security)
Integrate with ease to nearly every device management system or with BYODs/unmanaged devices
Automate certificate enrollment and revocation to all your managed devices through our API
Total cost of ownership (TCO) is less than a third of comparable on-premise Active Directory (AD CS) solution.

Learn More

We’ve Helped Many Businesses Like Yours

Zero-Touch Certificate Enrollment for Managed Devices

Historically, one of the greatest challenges of certificate management has been distributing certificates to all your enterprise’s managed endpoints. That’s no longer the case, thanks to our PKI as a service platform. Our managed device gateway APIs can configure the managed devices on your network for certificate-based authentication with no end-user input.

Automatically configure and enroll managed company-owned devices through our managed device gateway APIs.
Connect devices to networks and provide reporting, device analytics, and remote troubleshooting data.
Push configuration profiles to IoTs, ensuring all devices are using secure certificate-based authentication.

Easy Self-Service BYOD Enrollment

SecureW2’s PKI as a service also provides onboarding technology for BYODs. Potential misconfiguration can be a huge window for human error - and a liability for your network security. Our JoinNow MultiOS onboarding application takes human error out of the equation by configuring unmanaged devices for your users.

Automatic device 802.1x configuration software compatible with every OS, which includes guided user flow where necessary.
Configure for device or user certificates.
Enables easy configuration for server certificate validation.
From start to finish, configuration takes only a minute or two.
Support for iOS, Windows, macOS, Android, ChromeOS, Linux, and Kindle.

Learn More

Support Your PKI Infrastructure with a RADIUS Designed for Passwordless Authentication

Digital certificates need to be supported by a secure authentication system, which is why Cloud RADIUS was designed from the ground up for passwordless authentication.

No extra LDAP servers needed - Cloud RADIUS ties directly with popular Identity Providers such as Google, Okta, and Microsoft Azure AD.
Enforce Policies with Real-Time User/Device Lookup against Azure, Okta, & G-Suite.
Detailed event logs grant you visibility over the devices accessing your network.

Public Key Infrastructure FAQs

What are the benefits of a Public Key Infrastructure for my organization?

The ultimate benefit of a private PKI is passwordless, certificate-based authentication. It’s no secret that passwords are a vulnerability, with organizations like Microsoft recommending that you move away from password-based PEAP-MSCHAPv2 to passwordless protocols like EAP-TLS. Digital certificates can be used to secure a range of resources, including your wired & wireless network, VPN, applications, desktop logins, and much more.

Additionally, there are benefits for your end-users. With digital certificates, employees no longer have to deal with frustrating password reset policies and disconnects due to password changes.

Why can’t we just build our own private PKI instead of using a managed PKI?

Many organizations see the benefits of going passwordless, but think that they can reduce the cost of doing so by building their own PKI infrastructure. Unfortunately, this often ends up being a costlier venture in terms of finances and time spent. Building a private PKI requires expertise, space for the servers, and regular maintenance. Additionally, certificate lifecycle management - from issuance to renewal to revocation - is time-consuming.

PKI as a service solutions like our JoinNow Connector PKI can save you the resources you would otherwise spend on building and maintaining your own. What’s more, since our PKI infrastructure is cloud-based, your administrators can access it from anywhere without having to replicate it at every office location.

How does your PKI handle certificate lifecycle management phases, such revocation?

We wouldn’t be able to call it PKI as a Service if we didn’t provide you everything you needed to manage your certificates. For endpoint distribution, we have our automatic gateway APIs for managed devices and our self-service onboarding technology for unmanaged devices/BYODs.

When it comes to revocation, our cloud based PKI can revoke certificates in a few different ways, including manually and through automatic revocation with some MDMs such as Jamf and Intune. Our PKI as a service also includes customizable policies you can create, such as non-utilization, which means certificates that aren’t used for a definable period of time (such as 60 days) are automatically revoked.

How do you handle certificate renewal?

Our PKI makes renewal simple, too. For managed devices, certificate renewal typically happens on an automatic basis a month or two before the certificate’s expiration. For BYODs, administrators can set a customizable notification email to go out to end-users, encouraging them to re-enroll for a certificate before it expires.

What is the passwordless authentication experience like for the end user?

The user experience differs based on whether they are using managed or unmanaged devices/BYODs. For managed devices, the end user will never notice the certificate enrollment process - our PKI as a service includes gateway APIs that will automatically enroll them for a certificate. For BYODs, you can utilize our self-service onboarding technology, which allows end users to configure their devices for private certificates in a matter of minutes.

After enrollment, certificate-based authentication is mostly the same for either type of end-user. They no longer need to remember a plethora of passwords, reset those passwords regularly, or adhere to complex password requirements.

Does your PKI platform provide public or private certificate authorities?

Our PKI allows you to create a private certificate authority only. However, you can create as many private certificate authorities as you need. Our customers commonly build a different certificate authority for different groups of people to enable role-based access control, such as having a separate certificate authority for their HR and DevOps teams. This makes managing certificates for different roles organized and efficient.

Which cryptographic algorithms does your PKI support?

Our best in class PKI supports a range of secure algorithms. Those include RSA 2048 & 4096, as well as ECC P256 & P384.

Can you export the certificate’s private key and use it to authenticate another device?

Public key cryptography requires the use of both public and private keys. While the public key can be sent freely, the private key must be stored securely, and we take key storage seriously as a result. The best way to guarantee your private key won’t be removed from your device is to ensure it is stored in the proper key stores and enclaves and set to non-exportable. To increase security further, we recommend that keys are stored in a device’s Trusted Platform Module (TPM) instead of storing the keys in software.

We use multi-factor authentication (MFA). Isn’t that passwordless already?

While multi-factor authentication is more secure than a simple username and password combination, it’s still the best security available. It’s simply not practical for Wi-Fi and wired security when devices move around to different locations, requiring multiple authentications. The introduction of MFA fatigue attacks, in which hackers spam users with MFA prompts until they just give in and approve them, also puts enterprises at risk. This is why organizations like CISA have recommended certificate-based authentication over MFA for increased security.

What Real Customers Have to Say About SecureW2

At SecureW2, we have a laser focus on making products and services that customers love. But don’t take our word for it, check out what some of our customers are saying:

See all SecureW2 JoinNow Reviews

Best Support & Implementation Experience In my Career

5-Star Support Experience - Thorough assistance for planning, testing and implementation -Fantastic functionality - Thorough Integration Support

Josh H. Computer Software

Like a great Offensive Lineman

The implementation was seemless and easy. It worked immediately, and the individuals working with us were able to tell us exactly what to do.

Reagan H. Financial Services

SecureW2 Makes Wi-Fi Authentication Easy

With SecureW2, we are finally able to stop using user name an passwords for Wi-Fi authentication and strictly use machine based certificates. This has alleviated several pain points with our users.

Verified User in Primary/Secondary Education Verified User in Primary/Secondary Education

Quick, painless deployment with little to no maintenance

Very little time was spent configuring the product. SecureW2 was able to help walk my team through all necessary configurations to create our PKI environment and automate certificate deployment. Since then everything has simply just worked and is integrated perfectly with out device lifecycle.

Verified User in Information Technology and Services Verified User in Information Technology and Services

Easy to integrate simple to deploy securing a large global network.

The White Glove Service made it easy to implement and connect to our services The team has been very knowledgeable, And implementation into the network was very simple.

Jason B. Information Technology and Services

Dynamic PKI

Cloud RADIUS

JoinNow MultiOS

JoinNow NetAuth

Featured Customers

Customer Stories

Integrations

Blog