EZCA: The #1 SCEPman Alternative for Cloud PKI


Looking for a better PKI solution? Don't settle for SCEPman - try Keytos Azure PKI instead!

At Keytos, we understand that security is a top priority for your organization. That is why we have developed a powerful and easy-to-use PKI solution that is built specifically for Microsoft Azure. While both SCEPman and EZCA can be quickly set up and issue Intune certificates in minutes, EZCA does not stop at issuing Intune certificates. Our native Azure PKI integrations make EZCA a full PKI solution that can replace your on-premises ADCS Certificate Authority.


Create a Secure Intune CA In Minutes

The EZCA SaaS offering makes it easy to create an Intune CA in minutes. Deploy yours by following our documentation.


Full Network Authentication Stack

The EZCA + EZRADIUS SaaS offerings make it easy to fully migrate your network authentication to the cloud. By offering a cloud PKI and RADIUS service, Keytos allows you to fully remove your on-premises infrastructure and secure your network with Azure-based services.


Completely Replace Your ADCS with Azure-based PKI

EZCA completely replaces your on-premises ADCS CA by allowing you to achieve all the functions that your legacy CA did, without needing to worry about the maintenance and upkeep that it takes to run a highly available PKI. In addition to Intune SCEP certificates, EZCA can issue the following certificate types:


Domain Controller Certificates for Hybrid Hello For Business

One of the key components of passwordless authentication and any modern IT stack is Windows Hello for Business. It gives users a convenient passwordless way to authenticate to corporate resources. EZCA creates the domain controller certificates required for a Hybrid Key Trust Hello for Business deployment.


Regular SSL Certificates for Internal Sites and Service to Service Authentication

When EZCA was created, the main goal was to help organizations automate the issuance of SSL certificates for all scenarios. We do this via Azure integrations, in addition to enabling other modern certificate issuance methods such as local ACME, enabling your engineers to use the tools they are familiar with for certificate lifecycle automation.


Smart Card Certificates

If you are looking at issuing SCEP certificates to Intune devices, you are also probably looking at other passwordless authentication methods such as Smart Cards, authentication with Azure CBA, and perhaps even FIDO2 keys. EZCA connects to EZSmartCard, the first fully passwordless authentication onboarding tool for Azure.


Why Is EZCA the Best SCEPman Alternative?

Secure and Compliant

While ease of use and quick setup are important factors for a PKI solution, ensuring security and compliance is paramount. EZCA is a globally trusted PKI solution that prioritizes security by adopting industry-leading measures to secure our infrastructure. Our team of experts constantly monitors and updates our systems to ensure that they meet the highest security standards. Additionally, our PKIaaS offering's high availability SLA allows your team to focus on other pressing security issues while your CAs are automatically updated and secured.


PKI Expertise and Guidance

Creating a new Certificate Authority can be an intimidating process, but our team of PKI experts will be with you every step of the way. When you book your first EZCA demo, a PKI expert will join the call and guide you through the whole process. Additionally, this same expert will be available to answer any questions you may have as you continue your PKI planning, ensuring you are following best practices.


Security that Meets Your Needs

EZCA offers a range of plans designed to meet your security needs. Our Basic CA plan enables secure certificate issuance for most organizations, while our advanced plans offer additional features that can help you meet more stringent security requirements. These features include FIPS 140-2 Level 3 HSMs, private infrastructure options, bring-your-own-infrastructure, and bring-your-own-HSM options. Whether you are a small business or a large enterprise, EZCA has a plan that can meet your unique security needs.


Comprehensive Passwordless Solution

Keytos offers a complete suite of tools to help you achieve full passwordless security with Entra ID. With Keytos, you have a single, trusted provider for all your needs, including cloud certificates, RADIUS authentication, FIDO2 and Smartcard management, and SSH access management, all in one place.


Cloud-Based Convenience

One of the key benefits of moving to the cloud is freedom from managing your own infrastructure. The entire Keytos toolset is hosted on your behalf, meaning that Keytos ensures the availability and scalability of your deployment. Say goodbye to late-night troubleshooting calls and server restarts: Keytos has you covered.

| Feature | SCEPman | EZCA |
| --- | --- | --- |
| SCEP | SCEPman supports SCEP | Keytos supports SCEP |
| Intune SCEP Connection | SCEPman supports Intune SCEP | Keytos is an approved SCEP partner for Intune |
| Bring Your Own Infrastructure | SCEPman supports bring your own infrastructure | Keytos supports bring your own infrastructure |
| Domain Controller Certificate Support | SCEPman supports Domain Controller certificates | Keytos supports Domain Controller certificates |
| Hybrid Windows Hello for Business | SCEPman supports Hybrid Windows Hello for Business | Keytos supports Hybrid Windows Hello for Business |
| OCSP | SCEPman supports OCSP | Keytos supports OCSP |
| Azure Key Vault Integration for Leaf Certificates | | Keytos supports automatic rotation of Key Vault Certificates |
| CRL Support | | Keytos supports CRL revocation checking |
| Entra ID App Certificate Rotation | | Keytos supports Entra ID App Certificate Rotation |
| SaaS Offering | | Keytos supports a SaaS offering where you don't need to manage the infrastructure |
| SOC2 Compliant | | Keytos is SOC2 and ISO 27001 compliant |
| ACME Support | | Keytos supports certificate automation with ACME |
| Public CA Certificate Management | | Keytos allows you to manage public SSL certificates with GlobalSign |
| SSH Certificate Support | | Keytos EZSSH supports full SSH access management with SSH certificates |
| Azure IoT Integration | SCEPman does not have an Azure IoT connection | |
| FIDO2 and Smartcard Management | SCEPman does not manage and onboard FIDO2 and Smartcards | |
| SSH Access Management | SCEPman supports SSH certificates but does not do the access control for SSH endpoints | |
| Cloud RADIUS | | Keytos offers a cloud RADIUS |

SCEPman Pricing vs EZCA Pricing

When evaluating certificate management solutions, it's essential to consider both the cost and the features offered. SCEPman offers two versions: the Community Version, which is advertised as "free" with no licensing, so the only costs are for the Azure resources consumed, and the Enterprise Version for those seeking support, intermediate CAs, geo-redundancy, certificate management, or certificates for Domain Controllers for Hybrid Hello for Business authentication. The Enterprise version has a cost per user per month (for example, a 400 user deployment will cost 295 Euros plus the Azure infrastructure expenses). On the other hand, Keytos EZCA provides a straightforward pricing model at $200 per month for each CA, including all infrastructure, user management, redundancy, support, and more. It's worth noting that while the costs of these solutions might initially seem high, such as $200 monthly just for issuing certificates, they can be more cost-effective and significantly simpler than managing the infrastructure they replace, like ADCS, CRL, and NDES, in Azure VMs.

Modernize Your PKI in Minutes

Get a Free PKI Assessment

Talk to one of our PKI experts about how EZCA can reduce your IT cost while improving your user productivity and security.