You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<p><strong>💡 What about MDM’s that do not support Dynamic SCEP? </strong></p>
<p>There are two main approaches to using SCEP as a certificate enrolment protocol: static and dynamic. </p>
<p>There are two main approaches to using SCEP as a certificate enrollment protocol: static and dynamic. </p>
<p>In static SCEP, a single challenge password is in every SCEP payload for every device. This practice is insecure and not recommended. Furthermore, it only shows a single user in reporting. We do not support this because we believe it's crucial to provide the most secure options for your infrastructure.</p>
<p>In contrast, for Dynamic SCEP, webhooks are used to generate new challenges and unique passwords for each device, and you would be able to see reporting for all devices.</p>
<p>If your MDM does not support Dynamic SCEP, your next best bet to deploy Smallstep is to use the Smallstep Agent. <em>See details below.</em></p>
