SCEPman

Certificates – simplified

SCEPman is an Azure-native certificate authority (CA) and certificate lifecycle management (CLM) platform designed for environments where certificate failures have real production impact. It automates the full X.509 certificate lifecycle—issuance, renewal, validation, and revocation—across Intune- and Jamf-managed devices, on-prem and cloud servers, Linux systems, network infrastructure, and IoT devices using open PKI standards such as SCEP, Active Directory GPO, EST, OCSP, and CRL.

By replacing or consolidating legacy ADCS deployments, SCEPman removes the operational risk of manual certificate handling and parallel PKIs. Best practice defaults, object-bound certificates, and robust OCSP handling ensure predictable behavior under pressure. SCEPman runs entirely in your Azure tenant, giving you full sovereignty, auditability, and confidence in your operations.

Boring PKI. Reliable certificates.

Certificate Lifecycle Management That Prevents Outages

Certificate lifecycle management fails when humans are in the critical path. SCEPman automates certificate issuance, renewal, validation, and revocation using open standards such as SCEP, Active Directory GPO, and EST, with validation via OCSP and CRL. Certificates are bound to users and devices, so access is revoked automatically when identities change—eliminating risky, last-minute fixes that commonly cause outages.

Secure Network Access Without Certificate Drama

Wi-Fi, LAN, and VPN authentication failures are often caused by expired or mis-issued certificates—and they stop work immediately. SCEPman issues and manages X.509 certificates for 802.1X, WPA-Enterprise, and VPN authentication. Combined with RADIUSaaS, it provides a complete, cloud-native solution for certificate-based network access with fewer moving parts and fewer outage scenarios.

First-Class Support for Intune and Jamf

MDM is where certificate failures surface at scale. SCEPman integrates deeply with Microsoft Intune, Jamf Pro, and other MDMs, issuing and renewing certificates automatically for managed Windows, macOS, iOS, Android, and ChromeOS devices. Jamf can deploy certificates—but SCEPman ensures the certificate authority behind them is predictable, automated, and safe to operate.

Protect Servers and Non-MDM Systems

Not everything is managed by MDM. SCEPman supports servers, Linux systems, appliances, and unmanaged endpoints using EST (mTLS), REST APIs, and standard PKI tooling. This closes the gap that forces many teams to keep ADCS running “just for the hard stuff.”

Phishing-Resistant Access for Privileged Users

Strengthen high-risk access paths with certificate-based, phishing-resistant authentication. SCEPman issues identity certificates for administrators, smartcards, YubiKeys, and privileged access workstations, enabling passwordless access without relying on OTPs that fail under targeted phishing attacks.

Trust, Control, and Compliance—Without the Fear

SCEPman runs entirely in your Azure tenant and integrates with Azure Key Vault and Azure Monitor. Keys remain under your control, logs flow into your existing monitoring stack, and certificate actions are fully auditable. ISO 27001-certified software development provides enterprise-grade compliance.

Easy Azure Deployment via ARM Template or Terraform

Most teams issue their first certificate in under an hour. There’s no PKI archaeology, no brittle configuration, and no months-long projects. SCEPman is available via Azure Marketplace and deployable using ARM templates or Terraform, so you can move from outage anxiety to stable operations quickly.

RADIUSaaS Adds Network Enforcement

SCEPman handles certificate lifecycle management. RADIUSaaS enforces those certificates at the network edge. Together, they provide a complete, cloud-native solution for certificate-based Wi-Fi, LAN, and VPN access—without running your own RADIUS infrastructure. Available as a bundled offering with a 25% discount.

Trusted by Organizations Globally

  • Barker College
  • DB Schenker
  • Douglas
  • DPV Health
  • esw
  • Freudenberg
  • LUOVI
  • River East Transcona School Division
  • swb AG
  • Uniper SE
  • Veidekke ASA
  • Worldwide Express

Specifications

Certificates

  • Device certificates (Wi-Fi, VPN, IoT)
  • User certificates (identity, email)
  • Server certificates (TLS/SSL)
  • Code signing certificates (software, PowerShell scripts, Office macros)
  • S/MIME certificates (email security)
  • IoT certificates (secure endpoints)
  • Active Directory Domain Controller certificates (WHfB)

Protocols

  • Enrollment: SCEP, Active Directory GPO, EST, REST API
  • Validation: OCSP, CRL

Platforms & MDM

Deployment

  • Deploy via Azure Marketplace, ARM (Azure Resource Manager) templates or Terraform
  • PowerShell cmdlet for identity setup
  • Root CA generation

Scalability

  • 50 to 100,000+ users
  • Geo-redundancy, auto-scaling
  • Hierarchical CA topology (root and intermediate CA)

Administration & Security

  • Hosted in your Azure tenant
  • Azure Key Vault (HSM-backed, geo-redundancy)
  • Real-time certificate revocation (object binding)
  • Full manual control over certificates (issue, revoke)
  • Automatic updates, patching

ISO 27001

  • Our development and operations teams are certified according to ISO 27001

Full Service

  • Incident support
  • All updates included

Architecture

SCEPman is an Azure App deployed in your Azure tenant
