SCEPman

Cloud based Certification Authority

SCEPman is your cloud-based certification authority. It easily enables your Intune and JAMF managed clients for certificate based WiFi authentication.

But SCEPman can do more. SCEPman is an Azure App, that runs in your Azure tenant. You can install it within minutes and operations is super-easy. It can issue certificates for clients (device & users) as well as AD Domain controllers (Hybrid Key Trust for WHFB). SCEPman validates certificates with the modern OCSP protocol. For each validation, SCEPman checks the corresponding device/user with your identity provider (Azure AD or JAMF).

Specifications

Certificates

Device certificates
User certificates
Active Directory Domain Controller certificates (WHFB)
Server certificates

Protocols

Certificate issuing (SCEP, Portal)
Certificate validation (OCSP)

Validation sources

Microsoft Azure AD and Intune/MEM
JAMF

Deployment

Easy ARM-based deployment
Terraform-based setup (optional)

Scalability

50 to >100.000 users
High Availability
Geo redundancy feature available

Customer Isolation

SCEPman runs in customers Azure tenant

ISO 27001

Our development and operations teams are certified
ISO 27001 Certificate

Full Service

Incident support and all updates included

Architecture

SCEPman is an Azure App, that you run in your Azure tenant

Why authenticate with certificates to access the network?

We hear this question frequently: "Why should I not log in to my WIFI by using my (Azure) Active Directory credentials?"

We believe that users should use their (Azure) Active Directory credentials as little as possible. Working password-less is state of the art and prevents identity theft. This is why we use certificates for network authentication. Authenticating with certificates means no credentials are transferred.

There is another benefit: device certificates are available for the operating system prior to user login. Therefore, network connections can be established before Windows user logon.

And finally, it is not a big deal: Certificates and WIFI profiles can be deployed to clients easily. SCEPman ist build to make this very easy for environments with clients, that are managed with Intune or JAMF.