Contact Us

How to Create Self-Service User Certificates for Non-Managed Devices

How to set up an Intune certificate authority (CA)
07 Mar 2024

Modern Certificate Issuance and Management

Have you ever wondered about issuing or managing certificates for secure access (like Wi-Fi or VPN) for users, including those not managed by an MDM (Mobile Device Manager)? …in today’s modern security climate, who hasn’t? We certainly have! We’ve had so many prospects and clients come to us and ask how to effectively manage this process, so we figured it was about time to “give the people what they want.” For that reason, we’re excited to introduce our “new-ish” self-service feature “simplify” the process within our SCEP CA. Check out our quick video right below to see exactly how “easy” it is to get started with EZCA!

Key Features of Self-Service Certificates

EZCA has been the leader in cloud PKI for quite some time now, and the newest feature enabling self-service certificates only stands to reinforce that stature. Users can now issue their own certificates for connecting to Wi-Fi or VPN using their AAD (Azure Active Directory) identity or through guest policies. This eliminates most of the admin work your team loathes when setting up access for unmanaged devices. This approach empowers individuals within an organization to securely authenticate and encrypt data, facilitating secure access to networks, applications, and services. By enabling self-service, organizations can streamline the certificate issuance process, reduce administrative overhead, and enhance security protocols with minimal effort, making it an efficient solution for managing digital identities and access controls.

Here are some other ways in which employing self-service certificates across your network benefits your organization and its users.

Ease of Use: The process is designed to be straightforward, with users simply clicking to request a certificate without needing to understand the underlying technical details.

  1. A new tab for user certificates appears in the user interface, allowing users to easily create and manage their certificates.

  1. Users can save private keys, opt for automatic renewal, and choose between different certificate formats for download.

  1. Instructions on installing the certificates are also provided to ensure users can securely connect to the necessary services.

Configuration Flexibility: Administrators can set up templates for certificates, including user principal names and email addresses as subject names and alternative names, respectively.

Policy Management: Allows for the creation of different policies for various needs, such as Wi-Fi access, with options to customize the Extended Key Usage (EKU) settings.

Private Key Handling: Options to enable users to reuse the same private key across different devices, with the private key securely stored and encrypted by the system’s HSM (Hardware Security Modules) .

User and Group Management: Admins can specify which users or groups are allowed to issue certificates, including support for guests from other organizations.

Guest Access: Enables guest users to create certificates by adding the company’s application to their tenant, with control over which groups within the guest’s organization can create certificates.

Self-service certificate creation in Azure

Getting Started with Self Service Certificates

Creating user certificates through a self-service portal like EZCA simplifies secure identityI management for organizations of all sizes. The feature aims to streamline the process of obtaining secure access for both internal and external users, enhancing the overall security posture of the organization. Long story short, this means enhanced security with less administrative overhead. Self-service certificates allow for quick, efficient, and secure authentication processes, vital for maintaining secure access controls and data protection. They enable automatic renewals, ensuring continuous security without manual intervention. This flexibility and efficiency make self-service certificates a valuable asset for any organization prioritizing security and operational efficiency.

At Keytos, we champion Certificate Based Authentication, recognizing its potential to significantly enhance security and the overall user experience. We also understand that sometimes deciding whether CBA is the best way to go for your organization can be overwhelming. If you’d like to discuss how EZCA can elevate your organization’s security posture, we invite you to connect with our team of PKI Experts for a FREE and comprehensive consultation. We invite you to leverage our Team’s extensive experience to help you on the path towards true zero trust security! In the meantime, please feel free to explore our PKI documentation or YouTube channel for more insight onto how leveraging IoT PKI with Keytos can help ensure the security of your organization!

You Might Also Want to Read