Modern Certificate Management for Zero-Trust, Passwordless Access
Foxpass Cloud PKI provides a fully managed, private certificate authority (CA) that simplifies certificate lifecycle management across devices, applications, and networks.
Fully Managed Private PKI. No CA to Run, Patch, or Maintain.
Foxpass Cloud PKI gives you a secure, cloud-hosted certificate authority built for modern identity, endpoint, and network security. No hardware, no servers, no manual CA administration.
Eliminate password vulnerabilities with strong certificate-based authentication
Issue, renew, and revoke certificates automatically across your fleet
Enable phishing-resistant access to Microsoft 365, Salesforce, and other SaaS apps with Entra CBA
Integrate with leading MDMs like Intune, Jamf, Iru (formerly Kandji), Addigy, and more using our built-in SCEP endpoint
Extend certificate trust to Wi-Fi and VPNs with Foxpass Cloud RADIUS
Strengthen zero-trust security with device-bound credentials and identity-driven policy enforcement
Key Capabilities
Simple, Automated Certificate Lifecycle Management
Reduce manual administration and prevent outages with:
Automatic certificate renewal through your MDM’s SCEP profile
Easy certificate revocation for offboarding or compromised devices
Directory-driven revocation: when a user is disabled in your IdP, certificates are automatically invalidated
Audit trails for SOC 2, HIPAA, and internal compliance
Device identity binding for conditional access and zero-trust enforcement
Supports ClientAuth EKU (1.3.6.1.5.5.7.3.2) and certificate extensions required for Wi-Fi (EAP-TLS), VPN, Microsoft Entra CBA, and SCEP MDM deployments
Foxpass provides centralized visibility across all issued certificates — managed and unmanaged devices included
Directory-Integrated PKI
Foxpass Cloud PKI ties certificate issuance and lifecycle directly to your identity provider, including Microsoft Entra ID, Google Workspace, Okta, and OneLogin. When a user or device is disabled in the directory, its certificate is automatically invalidated, closing security gaps instantly.
SCEP Endpoint for Seamless MDM Integration
Deploy certificates via your existing MDM with zero friction.
Supported platforms include:
Microsoft Intune
Jamf Pro / Jamf School
Iru (formerly Kandji)
Addigy
Mosyle
Workspace ONE
Any SCEP-capable MDM
SCEP handles secure enrollment, key generation, and renewal automatically — ideal for large fleets or continuously changing devices.
BYOD Certificate Enrollment
Issue certificates to unmanaged personal devices using the Foxpass BYOD certificate installer, enabling secure access without requiring MDM device enrollment.
This is ideal for colleges, universities, contractors, hybrid environments, or organizations that need certificate-based authentication on personal laptops and phones.
Phishing-Resistant SaaS Access: Works Seamlessly with Microsoft Entra CBA
Foxpass Cloud PKI integrates directly with Microsoft Entra’s Certificate-Based Authentication (CBA) to secure access to:
Microsoft 365
Salesforce
Atlassian
Workday
Any app that supports CBA, SAML, or OAuth2
How It Works
Foxpass Cloud PKI issues user or device certificates
Certificates are trusted by Entra CBA
Users authenticate to SaaS apps using device-bound certificates 4. Conditional Access evaluates trust (issuer, device, expiration, compliance)
This eliminates passwords, prevents phishing, and ensures only company-managed devices can satisfy conditional access requirements.
Purpose-Built Integration with Foxpass Cloud RADIUS
Cloud PKI stands alone — but when paired with Foxpass Cloud RADIUS, you gain a complete passwordless network access stack:
EAP-TLS certificate authentication for passwordless Wi-Fi & VPN access
Automatic certificate-to-user mapping
End-to-end lifecycle automation, from issuance to renewal
This provides a unified, high-security approach for networks, devices, and SaaS resources.
Zero-Trust Certificate Architecture, Built-In
Foxpass Cloud PKI strengthens your organization’s zero-trust posture by enabling:
Continuous verification using certificate trust
Device-bound credentials that cannot be phished or stolen
Least-privilege access based on roles, identity, and device certificates
Enforcement of device compliance policies before granting access
Certificates become the backbone of identity-based access — across networks, endpoints, and cloud apps.
Why Foxpass?
Foxpass provides enterprise-grade certificate management without enterprise complexity.
Included with Foxpass Advanced RADIUS — or deploy as standalone
>99.9% uptime with global redundancy
Trusted by 500+ engineering, IT, and EDU organizations
Integrates with many identity providers (Entra ID, Okta, Google Workspace, OneLogin)
Backed by Splashtop’s world-class security and infrastructure
Foxpass Cloud PKI is platform-agnostic across identity, MDM, device, and network ecosystems.
Ready to Modernize Your PKI?
Start issuing secure, device-trusted certificates in minutes.