Secure VPN authentication
Eliminate credential theft
IPSec, TLS/SSL, IKEv2, EAP-TLS
Strong device identity
Smallstep’s approach to attestation-based, hardware-bound device identity is uniquely powerful as a seamless and secure single-factor for VPN attachment.
Authorized devices join VPN automatically, using Device Attestation for zero-touch deploy and the strongest possible assurance that only authorized, corporate-owned devices are able to access sensitive resources like IP and PII.
Seamlessly connect authorized devices
Devices connected to an enterprise VPN become part of your network. Simply authenticating users isn't enough to block access from personal or unauthorized devices. Smallstep uses Device Attestation to provide the strongest possible assurance that only authorized, corporate-owned devices can access sensitive resources like IP and PII.
Fast, easy compliance and DLP
Smallstep collaborated with Google, Apple, and Meta to develop Device Attestation, which effectively eliminates the possibility of impersonation and reduces IT support costs with zero-touch enrollment. This open standard technology is compatible with all major platforms and already protects some of the most valuable (and highly targeted) organizations in the world.
Upgrade your existing VPN in minutes
Turnkey integrations let you quickly upgrade your existing VPN to leverage device identity without impacting end-users. Smallstep supports native certificate-based authentication or Radius/EAP-TLS and works with VPNs based on IPSec, SSL/TLS, and IKEv2. This includes support for OpenVPN and StrongSwan as well as commercial VPNs from Aruba, Check Point, Cisco, F5, Juniper, Palo Alto Networks, SonicWALL, and Zscaler.