Overview: Zero Touch PKI

Zero Touch PKI is a private PKI-as-a-Service that replaces your legacy internal PKI. Through a single implementation, you offload management of your organization's privately trusted X.509 certificates to a continuously available cloud-based service with on-demand scaling and geographic redundancy.

Features and benefits

  • Root and issuing CA hierarchies designed to fit your organization's use case.
  • Compatibility with major identity providers via OIDC and SAML.
  • Flexible policies and templates for issuing certificates at scale.
  • Support for Microsoft Active Directory auto-enrollment, all major MDMs including Microsoft Intune and Jamf Pro, and common protocols such as SCEP, EST, ACME and REST.
  • Web-based interface for managing your instance.
  • Guidance and support for migrating your current PKI to Zero Touch PKI.

Next steps

To review key phases of the deployment project, see Implementing Zero Touch PKI. For a summary of configuration tasks that you'll complete, see Setup overview.