Device Attestation

Modern encryption for Enterprise IT

Connect Jamf and Intune to issue client certificates for VPN and Wifi in minutes. Replace complex legacy solutions like Active Directory Certificate Services (AD CS) and EJBCA with Smallstep. Accelerate your transition to identity-based security: power seamless access management, eliminate phishing, and reduce hassle for users and IT support.

Reduce IT support costs with zero-touch enrollment

Transition from AD CS without network overhaul

Smallstep’s platform has backwards-compatible support for all of the legacy enrollment protocols and validation services supported by AD CS including SCEP, NDES, OCSP, and CRL. Don’t believe us? We also let you bring your existing root with you, so you can get up and running in minutes to see for yourself [with no risk].

Learn more >

Device identity built for the future, available today

Smallstep collaborated with Google, Apple, and Meta to develop the next generation of secure device enrollment. Device attestation effectively eliminates the possibility of impersonation and reduces IT support costs with zero-touch enrollment.

This open standard technology is compatible with all major platforms and already protects some of the most valuable (and highly targeted) organizations in the world.

Kill phishing, not productivity

Go beyond “phishing-resistant” by leveraging cryptographic hardware to prevent credential compromise altogether — even with a root-level compromise. Not sure whether your devices are capable? We can tell you (and they probably are). Device identity can act as a strong second-factor or seamless single-factor for authentication to provide the strongest assurance that sensitive resources are only accessible from corporate devices.

Not your granny’s Enterprise PKI

Built for modern Enterprise IT use cases and DevOps workloads, we’re rethinking what certificate-based authentication can do. And we have the technology to deliver. Issue short-lived certs to ephemeral workloads. Streamline infrastructure access. Combat shadow processes and consolidate on an accessible toolchain that your team will love. We’re here for it. We won’t break a sweat with loads that take the competition down. Instead of a wake-up call we’ll shoot you an email summary after we roll certs org-wide in minutes. Sleep tight.

Join early access today

Automatically manage certificate lifecycle, health status, best practice security configurations, and API access for your workloads and devices.