The Challenge
A global energy storage manufacturer faced bottlenecks in two key areas: authorization and access. Internally written code for in-house applications was taking days to deploy, causing slow authorization. At the same time, the company’s many remote workers faced delays in gaining access to the network when they returned to the office.
The firm also wanted to enhance compliance by providing secure email signing for its government contracts.
The device fleet spanned Windows, Android, and Mac endpoints managed through two mobile device management (MDM) solutions: Intune for corporate devices and NinjaOne for manufacturing endpoints. Older Android devices on the manufacturing floor could not support standard certificate policies, adding deployment complexity.
A single engineer managed all application code signing with one certificate. That created both a security risk and an operational bottleneck. The DevOps team also needed automated certificate management for servers and applications.
Budget pressure constrained every decision. The team needed a platform that could deliver substantial return on investment (ROI) by increasing efficiency and covering multiple use cases on a single license rather than requiring separate products for Wi-Fi authentication, code signing, and BYOD management.
The Solution
The manufacturer first deployed the SecureW2 JoinNow platform for certificate-based Wi-Fi authentication in 2024. The initial rollout covered 2,000 Windows and Android devices through Intune and NinjaOne, with Okta serving as the identity provider for real-time user verification at every authentication event.
JoinNow MultiOS handled BYOD enrollment for unmanaged devices, giving contractors and guests a self-service onboarding path that required no IT involvement.
For legacy Android devices that could not process standard certificate policies, the team shifted to MAC address-based enrollment. This maintained security while accommodating hardware limitations on the manufacturing floor. The dual-MDM architecture (Intune for corporate endpoints and NinjaOne for manufacturing) required separate SCEP configuration profiles, but both delivered certificates from the same PKI hierarchy. Cloud RADIUS authenticated all devices through a single EAP-TLS policy regardless of which MDM issued the certificate.
As the team gained familiarity with the JoinNow platform, they expanded into application code signing, integrating self-signing certificates with Admin By Request for privileged access workflows.
The DevOps team also began using the platform for server and application certificate management, giving in-house developers their own signing capabilities to speed up the deployment of internal code.
The Results
- Return on investment. Expanding use cases on the new platform extracted more value without standing up new infrastructure.
- Authorization bottleneck eliminated. A single-engineer, single-certificate process now runs through managed PKI with proper lifecycle controls.
- Network access challenges resolved. A new PKI architecture with continuous, real-time background checking supports longer-lived certificates for remote employees.
- Legacy Android devices secured. MAC address-based enrollment brought certificate-based security to manufacturing devices that could not support standard SCEP.
- One PKI backbone for three functions. Wi-Fi authentication, code signing, and BYOD onboarding run on a single platform rather than separate certificate infrastructure.
With email signing certificates as the next planned use case, the manufacturer continues to find new applications for a PKI that started with Wi-Fi. Each additional use case reduces the per-function cost and strengthens the security posture across corporate and manufacturing environments.