Deployment Timeline
In March 2018, the client, an eco-friendly urban development company, contacted SecureW2 and a competitor to see which of the two solutions worked best for solving their problems. After trial periods with both, the customer decided to go with SecureW2.
After a few weeks of getting acclimated with SecureW2, the company's managed devices were all enrolled with certificates. They have since been fully equipped to handle BYOD certificate self-enrollment for employees who want to connect their own devices to the company network.
Challenges
The company’s IT department had been meaning to move away from PSK since they joined the company, but a missing password that resulted in a company-wide security scare increased the priority. Jeb, an IT manager, explained, “After seeing how real the potential for catastrophe with credentials is, everyone on our team started researching better alternatives.”
After several internal meetings, the IT team decided on a number of key problems they needed to solve.
- They wanted to move away from PSK.
- They didn’t want to bind their devices into Active Directory.
- They wanted a certificate-based network but didn’t want to handle the certificate management side of things.
Additionally, any solution the company purchased also needed to be highly scalable. They were – and still are – a growing business spread across multiple physical locations.
Another important feature the company needed was an enrollment solution that was more secure than the traditional SCEP URL. They wanted to take advantage of OpenID to work with their existing Okta devices.
Solution
After evaluating their options with several different vendors, the customer found that SecureW2 was offering the best solution and was willing to help them get the exact network environment they were looking for.
SecureW2 used silent binary tools in combination with OpenID to have all of the client's Jamf-managed devices automatically enroll themselves with a certificate once they had been verified with Okta.
From the end-user perspective, they log in, Okta SSO is prompted, and they see nothing else. SSO is supported, so once they are logged in, the certificate distribution is silent and simple.
The client also wanted to make sure that certificates were renewed frequently to ensure safety. SecureW2 allowed them to set up certificate auto-renewal. The client easily set up this function through the management portal, and now their users simply use their expired certificate to get a new one each day.
Evaluating Success
SecureW2 was able to provide the client with an 802.1X solution that didn’t need expensive on-premise servers to manage. With a fully customized solution that allows them to leverage OpenID with Okta, they are certain that no bad actors will gain access to valuable company assets.
Their users are able to enroll and renew certificates without ever having to configure anything themselves. They no longer have to worry about any credential leaks or password related issues.
The customer is currently in the process of using SecureW2 to enroll all of the IoT devices, printers, fax machines, copiers, etc. with certificates.