Certificate-based Network Authentication

Forget passwords and start trusting the power of certificates – with SCEPman!


Are you still using passwords?

We believe that users should handle their Entra ID credentials as little as possible. People could watch you when you type in your password. Working password-less is state of the art and prevents identity theft. Ideally, the authentication process should be seamless for the user.

Risks when using passwords

Organizations that still rely on password-based systems for their networks may face several issues and risks:

  • Increased Vulnerability: Password-based systems can be easily compromised through techniques like phishing, brute force, or keylogging.
  • Management Overhead: Managing passwords for lots of users and devices is a significant administrative burden, involving resets, account lockouts, and maintaining password policies.
  • User Experience: The need to remember and regularly update passwords can lead to “password fatigue,” where users resort to insecure practices like using simple passwords or reusing passwords.
  • Scalability Issues: Password-based systems may not scale efficiently. The larger the network, the more challenging it becomes to manage user credentials effectively.

The solution: Certificates

To remove the risks involved with password-based systems, we strongly recommend using certificates for network authentication. Authenticating with certificates means that no secret credentials are ever transmitted.

Another advantage is that device certificates are available to the operating system before the user logs on. Therefore, network connections can be established before the user logs on.

Finally, it's no big deal: Certificates and WiFi profiles can be easily deployed to clients. SCEPman is designed to make this very easy in environments with clients managed by Intune, Jamf Pro and other MDMs.

What are the benefits of certificate-based network authentication?

Great User Experience

  • It just works!
  • No dialog boxes to bother users.
  • No need to remember passwords.
  • No need for additional (MFA) steps like one-time passwords (OTPs) via mobile phones.

Enhanced Security

  • Passwords cannot be stolen because they are not used.
  • Certificates are difficult to forge.
  • Only authorized users gain network entry.

Streamlined Access Control & Centralized Management

  • Certificates can be issued to employees, devices, or partners.
  • Access only with a valid certificate.
  • No more multiple passwords or forgotten credentials.
  • Centralized management ensures consistency & scalability.

How does certificate-based network authentication work?

There are three important protocols that ensure certificate-based network authentication functions properly:

  • Extensible Authentication Protocol (EAP): EAP is the underlying framework that enables certificate-based authentication. It facilitates secure communication between clients (users or devices) and authentication servers.
  • IEEE 802.1X standard: The IEEE 802.1X standard defines how devices authenticate and authorize access to wired and wireless networks.
  • RADIUS: RADIUS (Remote Authentication Dial-In User Service) and RadSec (RADIUS using TLS) are protocols used for carrying authentication, authorization, and configuration information between a network component (network access server) and a shared central server (RADIUS server).

In the context of network security, 802.1X uses EAP over LANs (EAPoL) to handle the process of authenticating devices trying to connect to the network. 802.1X is the protocol that allows or denies network access, while EAP is the protocol that determines how the identity of the user or device is verified during the authentication process. While 802.1X and EAP are involved in the actual authentication process, RADIUS is the protocol that allows this authentication data to be transported across the network.
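
The layering described above can be made visible by taking a RADIUS packet apart and pulling out the EAP packet it carries. The following is an added example, not SCEPman code: it parses a constructed Access-Request, reassembles the EAP packet from its EAP-Message attributes and reports the EAP method. The sample packet, the identity `anonymous@example.test` and all function names are assumptions made for illustration.

```python
import struct

RADIUS_CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 79, 80  # RADIUS attribute types (RFC 3579)

def parse_radius(packet):
    """Split a RADIUS packet (RFC 2865) into its code, identifier and attributes."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("RADIUS length field does not match packet")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        attrs.append((packet[pos], packet[pos + 2:pos + packet[pos + 1]]))
        pos += packet[pos + 1]
    return {"code": RADIUS_CODES.get(code, str(code)), "id": ident, "attrs": attrs}

def extract_eap(radius):
    """Reassemble the EAP packet carried in the EAP-Message attributes."""
    # An attribute value holds at most 253 bytes, so longer EAP packets are
    # split across several EAP-Message attributes and concatenated in order.
    eap = b"".join(v for t, v in radius["attrs"] if t == EAP_MESSAGE)
    if len(eap) < 4:
        return None
    code, ident, length = struct.unpack("!BBH", eap[:4])
    if length != len(eap):
        raise ValueError("EAP length field does not match reassembled data")
    method = EAP_TYPES.get(eap[4], str(eap[4])) if code in (1, 2) and length > 4 else None
    # RFC 3579 requires Message-Authenticator whenever EAP-Message is present.
    has_ma = any(t == MESSAGE_AUTHENTICATOR for t, _ in radius["attrs"])
    return {"eap_code": EAP_CODES.get(code, str(code)), "method": method,
            "length": length, "message_authenticator": has_ma}

def _attr(a_type, value):
    return bytes([a_type, len(value) + 2]) + value

def build_sample():
    """Constructed sample: Access-Request carrying an EAP-Response of type EAP-TLS."""
    eap_body = bytes([13, 0x00]) + b"\x16" * 300           # type, flags, dummy data
    eap = struct.pack("!BBH", 2, 7, 4 + len(eap_body)) + eap_body
    attrs = (_attr(1, b"anonymous@example.test")            # User-Name (outer identity)
             + _attr(EAP_MESSAGE, eap[:253]) + _attr(EAP_MESSAGE, eap[253:])
             + _attr(MESSAGE_AUTHENTICATOR, bytes(16)))     # placeholder, not a real HMAC
    return struct.pack("!BBH", 1, 42, 20 + len(attrs)) + bytes(16) + attrs

if __name__ == "__main__":
    print(extract_eap(parse_radius(build_sample())))
```

The parser only inspects structure; it does not verify the Message-Authenticator HMAC, which needs the RADIUS shared secret.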

What are the benefits of using SCEPman for certificate-based network authentication?

We want to make IT administrators' work easier. That's why we have integrated SCEPman with Microsoft Intune and Jamf Pro. This has two main advantages:

  • Easy Certificate Deployment: Client certificates are easily deployed via SCEP through Microsoft Intune, Jamf Pro and other MDM platforms.
  • Auto Realtime Revocation: As soon as a user or device is deactivated in Intune (Entra ID) or Jamf Pro, SCEPman will answer validity requests for certificates created for these entities as revoked. SCEPman can even include the Intune Compliance State of the device or the Microsoft Defender User Risk in the validation. Since SCEPman supports the OCSP protocol for certificate validation, this happens in real-time.

All in all, Intune & Jamf Pro administrators do not need to perform any additional work beyond their regular MDM workflow to issue or revoke client certificates.

Get started with SCEPman

Enable your Intune and Jamf Pro-managed clients for certificate-based Wi-Fi authentication with SCEPman.

Try it out for free now!