From ac0f275cd68677677bf51b6ffba5b5a613c149c2 Mon Sep 17 00:00:00 2001 From: Carl Tashian Date: Wed, 5 Jun 2024 10:22:23 -0700 Subject: [PATCH 1/2] Fix docs build --- platform/README.mdx | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/platform/README.mdx b/platform/README.mdx index 79f3679c..d23154dd 100644 --- a/platform/README.mdx +++ b/platform/README.mdx @@ -64,18 +64,11 @@ See:
- 💡 What about MDM’s that do not support Dynamic SCEP? -

- There are two main approaches to using SCEP as a certificate enrolment protocol: static and dynamic. -

-

- In static SCEP, a single challenge password is in every SCEP payload for every device. This practice is insecure and not recommended. Furthermore, it only shows a single user in reporting. We do not support this because we believe it's crucial to provide the most secure options for your infrastructure. -

-

- In contrast, for Dynamic SCEP, webhooks are used to generate new challenges and unique passwords for each device, and you would be able to see reporting for all devices. -

-

In such a case where your MDM does not support Dynamic SCEP, your next best bet to deploy Smallstep is to use the Smallstep Agent. See details below -

+

💡 What about MDM’s that do not support Dynamic SCEP?

+

There are two main approaches to using SCEP as a certificate enrolment protocol: static and dynamic.

+

In static SCEP, a single challenge password is in every SCEP payload for every device. This practice is insecure and not recommended. Furthermore, it only shows a single user in reporting. We do not support this because we believe it's crucial to provide the most secure options for your infrastructure.

+

In contrast, for Dynamic SCEP, webhooks are used to generate new challenges and unique passwords for each device, and you would be able to see reporting for all devices.

+

If your MDM does not support Dynamic SCEP, your next best bet to deploy Smallstep is to use the Smallstep Agent. See details below.

 From cfca354734db92846cb3292ef87c4fa0573bfabd Mon Sep 17 00:00:00 2001 From: Carl Tashian Date: Wed, 5 Jun 2024 15:05:44 -0700 Subject: [PATCH 2/2] Update platform/README.mdx Co-authored-by: Max --- platform/README.mdx | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/platform/README.mdx b/platform/README.mdx index d23154dd..bb4515d0 100644 --- a/platform/README.mdx +++ b/platform/README.mdx @@ -65,7 +65,8 @@ See:

💡 What about MDM’s that do not support Dynamic SCEP?

-

There are two main approaches to using SCEP as a certificate enrolment protocol: static and dynamic.

+

There are two main approaches to using SCEP as a certificate enrollment protocol: static and dynamic.

+

In static SCEP, a single challenge password is in every SCEP payload for every device. This practice is insecure and not recommended. Furthermore, it only shows a single user in reporting. We do not support this because we believe it's crucial to provide the most secure options for your infrastructure.

In contrast, for Dynamic SCEP, webhooks are used to generate new challenges and unique passwords for each device, and you would be able to see reporting for all devices.

If your MDM does not support Dynamic SCEP, your next best bet to deploy Smallstep is to use the Smallstep Agent. See details below.