High-assurance identity for enterprise infrastructure
Increasingly critical infrastructure includes AI agents, MCP clients, MCP servers, and model runtimes acting autonomously.
AI expands the identity perimeter
Identity no longer stops at users and services. AI systems introduce non-human actors — including MCP clients and servers — that access internal APIs, SaaS applications, and sensitive data without a person in the loop. Your AI stack is now an access layer.
Enforcing device identity is a mess
ACME the new standard in security
Smallstep co-developed a real standard for high-assurance device identity with Google at the IETF. It's called ACME Device Attestation, ACME DA for short, and is a major upgrade to existing solutions like SCEP. ACME DA leverages hardware co-processors for attestation and keybinding⎯like a fingerprint for your device⎯ preventing credential exfiltration, phishing, and impersonation attacks.
Solve device identity for every use case
Device identity for Wi-Fi
Simple, secure certificate-based Wi-Fi using EAP-TLS
Device Identity for SaaS Apps
Protect resources by enforcing device identity in SSO flows
Device Identity for VPN & ZTNA
Enforce device identity when connecting to VPNs and proxies
Device Identity for DevOps
Cert management for workloads & VMs
Device Identity for SSH
Extend single sign-on & device identity to SSH
A cross-platform architecture that simplifies everything
There’s no need to string together point solutions when one platform can do it all. Say goodbye to maintaining multiple tools just to cover more than one operating system.
The building blocks of device identity
Achieving high-assurance device identity insists that four foundational components are in place. Smallstep simplifies the implementation of high-assurance device access by bridging the gap between security standards and operational reality. This leaves businesses with a modern and secure ecosystem to build on.
Get the data sheet
Device Identity ensures that only company-owned devices can access your enterprise's most sensitive resources, including Wi-Fi networks, VPNs, financial dashboards, intellectual property, and databases with GDPR-scoped PII.
Most MDMs don’t support Linux, but we do
Mobile Device Management tools (MDMs), like Intune for Windows or Jamf for Mac, are the orchestration layer that supports IT teams in managing large fleets of devices. Historically MDMs do not support Linux, often leaving Enterprise IT teams at a crossroads: should they allow engineers to use Linux even though doing so goes against basic security policies? Or rule out Linux entirely? Many companies find themselves in a game of limbo where no one wins.
Leading the industry in Zero Trust for devices
Empower your teams to work at the pace and scale of modern engineering.