Technology / Cybersecurity
June 13, 2026

How a Cybersecurity Company Deployed Certificate-Based Authentication Across 3 MDMs

At a Glance

  • Industry: Technology / Cybersecurity
  • Use Case: Wi-Fi 802.1X, VPN certificate authentication, internal CA replacement
  • Products: Cloud RADIUS, Dynamic PKI, JoinNow Platform
  • Key Result: Deployed certificate-based authentication across three MDMs in a few months

The Challenge

A cloud-focused cybersecurity company’s internal Wi-Fi still relied on outdated password-based network access. This created a security gap and an optics problem.

The device fleet spanned three Mobile Device Management (MDM) platforms: Jamf for Mac, Workspace ONE for legacy Windows, and Intune for Windows. All three needed certificate enrollment configuration — each with a unique integration path.

In addition to securing Wi-Fi with certificate-based authentication, the firm wanted to extend certificates to Palo Alto GlobalProtect VPN authentication and internal web servers. Finally, the company intended to replace its internal certificate authority with a cloud-based PKI service.

The Solution

The deployment moved through four structured implementation sessions over several months.

Session one configured SCEP-based certificate enrollment through Jamf for the Mac fleet and Intune for Windows devices migrating from Workspace ONE. Session two brought Workspace ONE into the fold for legacy Windows machines. Session three tackled WSTEP for domain-joined Windows devices authenticating against Active Directory. Finally, session four added Palo Alto GlobalProtect VPN certificate authentication. In total, around 4,000 company devices were enrolled.

The team shifted from device certificates to user certificates and shortened the validity to 90 days, tightening their security posture. Meraki handles wireless, while Cisco Catalyst 9300 and Arista switches serve the wired side. Okta provides identity with Duo for two-factor authentication. All certificate enrollment flows authenticate against a cloud-native RADIUS server with real-time identity lookups.

The Results

  • 4,000 devices enrolled across three MDM platforms (Jamf, Workspace ONE, Intune) in just a few months
  • 90-day user certificates replaced device certificates for a stronger security posture
  • Internal CA slated for decommission: cloud-based PKI replacing on-premises certificate infrastructure

Once the internal CA is decommissioned, the JoinNow platform will serve as the sole certificate authority for the company’s entire corporate infrastructure. The firm is working toward a model where every network touchpoint — Wi-Fi, VPN, wired, and web applications — authenticates through a single, cloud-managed certificate lifecycle.
