Skip to content

Overview: Zero Touch PKI

Zero Touch PKI is private PKI-as-a-Service to replace your legacy internal PKI. Through a single implementation, you offload management of your organization's privately trusted X.509 certificates to a continuously available cloud-based service with on-demand scaling and geographic redundancy.

Features and benefits

  • Root and issuing CA hierarchies designed to fit your organization's use case.
  • Compatibility with major identity providers via OIDC and SAML.
  • Flexible policies and templates for issuing certificates at scale.
  • Support for Microsoft Active Directory auto-enrollment, all major MDMs including Microsoft Intune and Jamf Pro, and common protocols such as SCEP, EST, ACME and REST.
  • Web-based interface for managing your instance.
  • Guidance and support for migrating your current PKI to Zero Touch PKI.

Next steps

See Implementing Zero Touch PKI to review your deployment project. See Configuration overview to learn more about the tasks you'll complete when configuring your new instance.