ICCE: The foundation of device identity

You can’t enforce Zero Trust without knowing — and proving — your devices. Smallstep brings together the key elements of a comprehensive device identity strategy: trusted inventory, high assurance credentials, resource configurations and ongoing policy enforcement. Secure every connection, stop device-based attacks, and complete your Zero Trust architecture.

  • Secure Wi-Fi with hardware-backed EAP-TLS
  • Device-bound credentials for Okta Workforce Identity
  • ZTNA without passwords or agents
  • Hardware-backed SSH for engineers
  • SaaS access gated by verified device identity
  • mTLS for internal services and workloads

Critical components of device identity


Combined inventory

Without a comprehensive and trusted device inventory, you can't confidently rely on device identity for secure authentication. Smallstep Inventory is purpose-built for cybersecurity—it complements, but doesn't replace, your existing IT asset management (ITAM) tools.

  • A complete inventory of devices that syncs with your MDMs
  • Apple, Windows, & Linux devices
  • Secure Enclave & TPM 2.0 EKPub key support

Managed credentials

Once you have confidence in your trusted device inventory, Smallstep securely issues credentials to your trusted endpoints. Smallstep supports high-assurance enrollment via ACME Device Attestation on all major platforms (Windows, Mac, Linux), leveraging hardware-backed, non-exportable credentials.

  • Deploy certificates using your existing MDMs
  • Uses ACME Device Attestation, even on platforms without native support
  • Continuous credential management

Resource configuration

Configuration management across platforms can be challenging. After issuing credentials, Smallstep automatically configures your endpoints to authenticate securely to resources such as Wi-Fi, VPN, and SaaS apps. Our cross-platform agent seamlessly handles credential and configuration management for all of your endpoints, with or without your existing MDM solutions.

  • Manage Wi-Fi, VPN, & browser certificates
  • Device identity requirements for SaaS & non-HTTP resources
  • Change to certificate-based access on Linux devices – no MDM required

Policy enforcement

Effective security requires verifying device identity at the moment resources are accessed. Authentication can occur directly at the resource level (such as an application or server verifying credentials) or via a centralized enforcement point (such as a proxy or gateway) that controls and authorizes access. Smallstep flexibly supports both enforcement approaches, ensuring your security policies are consistently applied across your infrastructure.

  • Ensure only trusted devices can access VPN / ZTNA
  • Use VPN or ZTNA to protect SaaS & internal Web Apps
  • Quickly revoke access to protected resources
  • Integrate with SSO providers to protect SaaS apps
  • Ensure access to GitHub or Git from only trusted devices
  • Ensure engineers & DevOps can only SSH from trusted devices

Trusted at Enterprise Scale

Used by global banks, healthcare networks, fintechs, and public-sector organizations. Built on step and step-ca, trusted by 3,000+ organizations, including finance and defense. Powers Wi-Fi, ZTNA, SSH, and internal access modernization at scale. Learn how high-assurance device identity completes your Zero Trust architecture — without friction.
