Certificate Autoenrollment for Entra ID Users

certEntra allows for the central autoenrollment of digital user certificates for Entra ID users in the Azure cloud and the provisioning of certificates on the devices of the users which are managed in Intune. By this, encryption, signature or authentication certificates can be enrolled. A typical use case is the enrollment of multipurpose S/MIME certificates from a public CA. These certificates can then be used for end-to-end e-mail encryption and signature on all managed devices of the user. Another scenario is the enrollment of user authentication certificates from a private CA like Microsoft ADCS which are needed for certificate based authentication (CBA). These certificates can be used for user authentication by a web server, VPN system, network access control (IEEE 802.1x) or even Entra ID CBA.

Features

- Autoenrolls/-renews S/MIME or authentication certificates for Entra ID users from public or private CAs

- Archives private decryption keys encrypted with Key Recovery Agent (KRA) certificates

- Automatically revokes certificates of changed or removed users

- Publishes certificates for end-to-end encryption with partners to GAL and Secardeo certBox

- Provides Shared Mailbox certificates to authorized users

- Provides basic certificate management functions for administrators and KRAs

- Provides customizable e-mail notifications

Advanced Enterprise Features

- Support of multiple backend CAs

- KRA certificates in your Key Vault

- User self-services

Deployment

certEntra is deployed as a Windows Virtual machine in Azure or on-premises.

The Deployment Guide can be found here.

Licensing

certEntra is licensed using Bring-Your-Own-License (BYOL) model. Fill out our contact form to receive a demolicence or purchase a software subscription license.