Discover our products
KONNEKTKONNEKTRADIUSaaSRADIUSaaSRealmJoinRealmJoinUnified ContactsUnified ContactsTerraProviderTerraProvider
Try for free
Discover our products
KONNEKT
Work with your local office 365 data
RADIUSaaS
Authentication for your network
RealmJoin
Cloudbased Software distribution
Unified Contacts
Find contacts in Microsoft Teams
TerraProvider
Terraform Provider for Microsoft 365

SCEPman

Home

Certificates – simplified

Try SCEPman now
Home

SCEPman is a cloud-based public key infrastructure (PKI) that automates the entire X.509 certificate lifecycle for clients, servers, and IoT devices via the SCEP protocol. Seamlessly integrating with MDM platforms such as Intune and Jamf Pro , it provides automatic issuance, renewal, and revocation of certificates using the SCEP protocol.

Its object binding feature links certificates to users or machines, revoking them in real-time when needed, minimizing administrative tasks. SCEPman also supports TLS/SSL certificates for server authentication and integrates with RADIUSaaS for secure network access . Fully hosted in your Azure tenant, it ensures data sovereignty, automatic updates, and geo-redundancy for enhanced security.

What can we do for you?

Automate the Entire X.509 Certificate Lifecycle

Automate the Entire X.509 Certificate Lifecycle

SCEPman, a cloud-based certificate authority (CA), integrates seamlessly with MDM platforms, such as Intune and Jamf Pro, automating the entire lifecycle of X.509 certificates — from generation and renewal via SCEP or EST to revocation via CRL or OCSP. SCEPman uses a concept called object binding, which links each certificate to a user or machine. As a result, certificates are automatically revoked in real time when a user is deleted or a machine is wiped, while disabled users’ certificates are temporarily invalidated. This minimizes administrative overhead while preserving manual control where needed.
Read More
Maintain Full Sovereignty With Zero-Trust Architecture

Maintain Full Sovereignty With Zero-Trust Architecture

Enjoy full control over your Public Key Infrastructure (PKI) with SCEPman, hosted entirely in your Azure tenant with seamless Azure KeyVault integration and optional geo-redundancy. Safeguard your keys with 90-day soft-delete protection, even from internal threats. You maintain complete sovereignty while SCEPman automates updates for effortless management.
Protect Servers With Automated TLS/SSL Certificates

Protect Servers With Automated TLS/SSL Certificates

Secure your servers and devices with SCEPman’s TLS/SSL certificates. Easily issue certificates from your Public Key Infrastructure (PKI) via the web GUI, REST API, or SCEP client. Automatic enrollment and renewal are supported, including for MDM-managed Linux endpoints using EST (mTLS).
Read More
Sign Code, Emails, and Documents With Trusted Identities

Sign Code, Emails, and Documents With Trusted Identities

Protect your software, emails, and documents with trusted identity certificates from SCEPman’s certificate authority (CA). Securely sign executables and scripts, protect the integrity and authenticity of emails through S/MIME, and easily verify document authenticity.
Read More
Strengthen Security With Phishing-Resistant Access Control

Strengthen Security With Phishing-Resistant Access Control

Strengthen high-security environments with phishing-resistant access control, issued by a trusted certificate authority (CA) and supporting password-less authentication. Avoid OTP vulnerabilities by issuing certificates directly to administrators’ devices or hardware like smartcards and YubiKeys. Ideal for protecting critical assets, such as Privileged Access Workstations (PAWs) and admin portals, from sophisticated phishing attacks.
Read More
Deployment and Premium Support Included

Deployment and Premium Support Included

SCEPman is easy to use and deploy. Should you need help, you won’t be stuck on hold or asked to pay extra. The SCEPman subscription includes full deployment and premium support services.
SCEPman + RADIUSaaS = Seamless & Secure Network Access

SCEPman + RADIUSaaS = Seamless & Secure Network Access

SCEPman is the ideal companion to RADIUSaaS. Built by the same team as SCEPman, RADIUSaaS provides secure, hassle-free network authentication using certificates. It supports flexible authentication and simplifies guest access. These products are also available as a bundle with a 25% discount.
Read More

Let Our Customers Do the Talking

Barker CollegeDB SchenkerDouglasDPV HealtheswFreudenbergLUOVIRiver East Transcona School Divisionswb AGUniper SEVeidekke ASAWorldwide Express

Specifications

Certificates

Certificates

  • Device certificates (Wi-Fi, VPN, IoT)
  • User certificates (identity, email)
  • Code signing certificates (software, PowerShell scripts, Office macros)
  • S/MIME certificates (email security)
  • Server certificates (TLS/SSL)
  • IoT certificates (secure endpoints)
  • Active Directory Domain Controller certificates (WHFfB)
Protocols

Protocols

  • Enrollment: SCEP, REST API, EST
  • Validation: OCSP, CRL
Platforms & MDM

Platforms & MDM

Deployment

Deployment

  • Deploy via Azure Marketplace, ARM (Azure Resource Manager) templates or Terraform
  • PowerShell cmdlet for identity setup
  • Root CA generation
Scalability

Scalability

  • 50 to 100,000+ users
  • Geo-redundancy, auto-scaling
  • Hierarchical CA topology
Administration & Security

Administration & Security

  • Hosted in your Azure tenant
  • Azure Key Vault (HSM-backed, geo-redundancy)
  • Real-time certificate revocation (object binding)
  • Full manual control over certificates (issue, revoke)
  • Automatic updates, patching
ISO 27001

ISO 27001

  • Our development and operations teams are certified according to ISO 27001
Full Service

Full Service

  • Incident support
  • All updates included

Architecture

SCEPman is an Azure App deployed in your Azure tenant

What do you want to do next?

Try SCEPman
Drop us a question
Buy SCEPman
Product Team
We'd love to hear from you!
site/mailsales@SCEPman.com