TLS Protect Cloud packages and add-ons¶
TLS Protect Cloud is available in two base packages—Standard and Enterprise—with optional add-ons for advanced use cases. The features available to you depend on your assigned package. License usage is measured separately from package selection using the Secured Certificate Instance (SCI) metric.
Compare packages¶
Tip
You can view your current plan and add-ons on the Licensing page (Settings > Licensing).
Every organization needs to license either the Standard or Enterprise package to use TLS Protect Cloud. Each package includes features for certificate lifecycle management, with Enterprise adding extended automation, integration, and compliance capabilities.
| Feature | Standard | Enterprise |
|---|---|---|
| SSO and IdP integrations | ✅ | ✅ |
| Certificate discovery (internet, internal network, CA import, API import) | ✅ | ✅ |
| Certificate monitoring and TLS validation | ✅ | ✅ |
| Email and in-product notifications | ✅ | ✅ |
| Custom reports and dashboards | ✅ | ✅ |
| Event log retention | 90 days | 13 months |
| Certificate issuance and CA connectors | ✅ | ✅ |
| Revocation and approval workflows | ✅ | ✅ |
| Built-in CA | ✅ | ✅ |
| Push provisioning (auto-renewal, scheduling, validation) | ❌ | ✅ |
| Push provisioning connectors (on-prem, cloud) | ❌ | ✅ |
| Machine, onboard, and cloud keystore discovery | ❌ | ✅ |
| SIEM, webhook, and Slack alerting | ❌ | ✅ |
| Credential management (CyberArk, adaptable credential) | ❌ | ✅ |
| HSM integration (hardware encryption for tenant data) | ❌ | ✅ |
| Full lifecycle CLM APIs | ❌ | ✅ |
| Automation frameworks (ACME, SCEP/EST) | ❌ | ✅ |
| Advanced revocation (CRL, monitoring) | ❌ | ✅ |
| Compliance policies | ❌ | ✅ |
| Adaptable workflows | ❌ | ✅ |
Note
NOTE: Feature availability is determined by your entitled package. As shown in the table above, some advanced capabilities are only available with the Enterprise package.
Add-ons¶
Add-ons are licensed separately and must be used in combination with a base package. Add-ons provide access to specialized integrations and extended platform capabilities.
| Add-on | Description |
|---|---|
| TLS Protect for Kubernetes | Adds support for visibility and automation of certificates in Kubernetes environments. Includes discovery, cert-manager integration, and service binding awareness. |
| Firefly | Provides a private certificate authority that you can host in your own environment. Firefly-issued certificates are managed in the platform, but do not count against your SCI license usage. |