Use Cases

This page is intended to give you an overview of common use cases and scenarios our clients leverage SCEPman as cloud-CA for. While we cannot provide support for the intricacies of every vendor solution, we hope this overview helps you to quickly assess whether SCEPman could be a fit for your scenario, too - without overwhelming you with less common or even exotic use-cases. If you are unsure, just drop us a question.
Secure WiFi and Network Access
Certificates issued by SCEPman are widely used for the purpose of certificate-based network authentication (802.1X / EAP-TLS) for WiFi, Wired/LAN and VPN, typically along with a network access control (NAC) service that speaks the RADIUS or RadSec protocol. Such services commonly are
​RADIUSaaS​
Aruba ClearPass
Cisco ISE / Cisco ASA
Azure VPN Gateway / Azure AlwaysOn VPN
Fortinet FortiGate
Palo Alto GlobalProtect
Certificate-based Authentication
You can enrol user authentication certificates with SCEPman for TLS client authentication. This allows authentication to web sites or services such as
Internal web applications
Microsoft 365
Exchange Online
Azure Active Directory (AAD) / Azure CBA (currently no CRL support)
Other cloud services
Remote Desktop connections
AVD
Windows server administration
MDM Solutions
To automate the deployment of relevant configuration profiles and to keep certificates up to date (auto-renewal), we recommend to use SCEPman along with an MDM solution. While SCEPman natively integrates with Microsoft Endpoint Manager/Intune and Jamf Pro, our customers have successfully deployed SCEPman along with other MDM solutions.
Below table provides an overview of the most commonly used MDM solutions and indicates how/if certificate revocation is possible.
MDM Solution
Supported Platforms
Issuance & Auto-renewal
Automatic Revocation
Manual Revocation
Links
​Intune /
Endpoint Manager​
Windows
macOS
iOS
iPadOS
Android
Ubuntu
​☑
​
​☑
​
​☑


​Microsoft Docs​
​Jamf​
macOS
iOS
iPadOS
​☑
​
​☑
​
​☑
​
​Jamf Technical Paper​
​GSuite / Google Workspace​
ChromeOS
Android
​☑
​
​☑
*
​☑
​
​Google Support Docs​
​WorkspaceONE UEM​
macOS
iOS
​☑
​
​
​☑
​
​VMware Support Docs​
​Mosyle​
iOS
iPadOS
​☑
​
​
​☑
​
​
​SOTI MobiControl​
Windows
macOS
iOS
iPadOS
Android
Ubuntu
​☑
​
​
​☑
​
​Soti Docs - External CA
Soti Docs - SCEP Profile​
​Kandji​
macOS
iOS
iPadOS
​☑
​
​☑
*
​☑
​
​Kandji Docs​
*: Only works with user-type certificates if the user-objects are synced from Azure AD.
On-premise to Cloud Migration
Since SCEPman is a cloud-native general purpose CA, many of our clients who migrate their infrastructure into the cloud, use SCEPman to replace their on-premise Microsoft PKI/AD CS and NDES. Generally this is always possible, as long as the devices that shall receive certificates are hybrid- or full-Azure-AD-joined.

MDM Solution	Supported Platforms	Issuance & Auto-renewal	Automatic Revocation	Manual Revocation	Links
Intune / Endpoint Manager	Windows macOS iOS iPadOS Android Ubuntu	☑	☑	☑	Microsoft Docs
Jamf	macOS iOS iPadOS	☑	☑	☑	Jamf Technical Paper
GSuite / Google Workspace	ChromeOS Android	☑	☑ *	☑	Google Support Docs
WorkspaceONE UEM	macOS iOS	☑		☑	VMware Support Docs
Mosyle	iOS iPadOS	☑		☑
SOTI MobiControl	Windows macOS iOS iPadOS Android Ubuntu	☑		☑	Soti Docs - External CA Soti Docs - SCEP Profile
Kandji	macOS iOS iPadOS	☑	☑ *	☑	Kandji Docs

Last modified 1mo ago