Home

SCEPman

Cloud based Certification Authority

Home

SCEPman is your cloud-based certification authority. It easily enables your Intune and JAMF managed clients for certificate based WiFi authentication.

But SCEPman can do more. SCEPman is an Azure App, that runs in your Azure tenant. You can install it within minutes and operations is super-easy. It can issue certificates for clients (device & users) as well as AD Domain controllers (Hybrid Key Trust for WHFB). SCEPman validates certificates with the modern OCSP protocol. For each validation, SCEPman checks the corresponding device/user with your identity provider (Azure AD or JAMF).

Specifications

Certificates

Certificates

  • Device certificates
  • User certificates
  • Active Directory Domain Controller certificates (WHFB)
  • Server certificates
Protocols

Protocols

  • Certificate issuing (SCEP, Portal)
  • Certificate validation (OCSP)
Validation sources

Validation sources

  • Microsoft Azure AD and Intune/MEM
  • JAMF
Deployment

Deployment

  • Easy ARM-based deployment
  • Terraform-based setup (optional)
Scalability

Scalability

  • 50 to >100.000 users
  • High Availability
  • Geo redundancy feature available
Customer Isolation

Customer Isolation

  • SCEPman runs in customers Azure tenant
ISO 27001

ISO 27001

Full Service

Full Service

  • Incident support and all updates included

Architecture

SCEPman is an Azure App, that you run in your Azure tenant

RADIUS Architecture

Why authenticate with certificates to access the network?

We hear this question frequently: "Why should I not log in to my WIFI by using my (Azure) Active Directory credentials?"

We believe that users should use their (Azure) Active Directory credentials as little as possible. Working password-less is state of the art and prevents identity theft. This is why we use certificates for network authentication. Authenticating with certificates means no credentials are transferred.

There is another benefit: device certificates are available for the operating system prior to user login. Therefore, network connections can be established before Windows user logon.

And finally, it is not a big deal: Certificates and WIFI profiles can be deployed to clients easily. SCEPman ist build to make this very easy for environments with clients, that are managed with Intune or JAMF.