Fundamentals of device identity

Smallstep brings together the key elements of a comprehensive device identity strategy: trusted inventory, high assurance credentials, resource configurations and ongoing policy enforcement.

Critical components of device identity

Combined inventory

Without a comprehensive and trusted device inventory, you can't confidently rely on device identity for secure authentication. Smallstep Inventory is purpose-built for cybersecurity—it complements, but doesn't replace, your existing IT asset management (ITAM) tools.

  • A complete inventory of devices that syncs with your MDMs
  • Apple, Windows, & Linux devices
  • Secure Enclave & TPM 2.0 EKPub key support

Managed credentials

Once you have confidence in your trusted device inventory, Smallstep securely issues credentials to your trusted endpoints. Smallstep supports high-assurance enrollment via ACME Device Attestation on all major platforms (Windows, Mac, Linux), leveraging hardware-backed, non-exportable credentials.

  • Deploy certificates using your existing MDMs
  • Uses ACME Device Attestation, even on platforms without native support
  • Continuous credential management

Resource configuration

Configuration management across platforms can be challenging. After issuing credentials, Smallstep automatically configures your endpoints to authenticate securely to resources such as Wi-Fi, VPN, and SaaS apps. Our cross-platform agent seamlessly handles credential and configuration management for all of your endpoints, with or without your existing MDM solutions.

  • Manage Wi-Fi, VPN, & browser certificates
  • Device identity requirements for SaaS & non-HTTP resources
  • Change to certificate-based access on Linux devices – no MDM required

Policy enforcement

Effective security requires verifying device identity at the moment resources are accessed. Authentication can occur directly at the resource level (such as an application or server verifying credentials) or via a centralized enforcement point (such as a proxy or gateway) that controls and authorizes access. Smallstep flexibly supports both enforcement approaches, ensuring your security policies are consistently applied across your infrastructure.

  • Ensure only trusted devices can access VPN / ZTNA
  • Use VPN or ZTNA to protect SaaS & internal Web Apps
  • Quickly revoke access to protected resources
  • Integrate with SSO providers to protect SaaS apps
  • Ensure access to GitHub or Git from only trusted devices
  • Ensure engineers & DevOps can only SSH from trusted devices

Learn more about the platform

The Smallstep platform helps mitigate numerous cybersecurity threats – from phishing to advanced hardware attacks – without impacting end-user workflows.

Enforce device identity everywhere

Whether you’re working towards a compliance standard, closing gaps in policy enforcement, or preventing nation-state attacks, our team is here to show you how Smallstep can help.
