A huge portion of today’s corporate network is made up of mobile endpoints, such as laptops, tablet computers, and mobile phones. These are domain-joined and non-domain devices that require access to corporate assets to carry out everyday operations. To facilitate easy access and secure information exchanges between the mobile devices and corporate assets, IT teams generally create and issue digital identities (SSL/TLS certificates) that authenticate endpoints into the network and encrypt two-way communication.

Because of the proliferation of endpoints in their IT infrastructures, most organizations take the easiest and fastest route to grant access to corporate assets to avoid delays in business operations. Often, multiple IT teams work in silos to generate and distribute digital certificates on demand, without any proper approval workflows in place. This lack of visibility and central control results in mobile certificates being generated and used outside corporate policies, then left unmonitored and unrevoked after authentication, creating opportunities for unauthorized access. This challenge is further compounded by the rapid transition to remote work and the ever-expanding bring your own device (BYOD) culture, increasing strain on the organization’s IT team to manage myriad connected devices that fall outside the corporate perimeter.

An effective way to manage trust for the mobile ecosystem

For smoother management of mobile devices within the network, IT security teams deploy what is called a mobile device management (MDM) solution. MDM facilitates a policy-driven approach to securing, monitoring, and managing end-user mobile devices, providing complete network visibility and security while allowing users to work with their own devices efficiently.

Given the widespread use of certificate authentication, most MDM solutions offer discovery, deployment, and management of device certificates as part of their core functionality. However, mere management of authentication certificates is just part of the equation. For effective security and uninterrupted access, enterprise IT needs a more efficient solution to automate the life cycle management of device certificates stored in its MDM.

One way to achieve this is to integrate your MDM with a digital certificate management platform. The MDM typically acts as the broker between the mobile device and the certificate management solution which, in turn, facilitates automating the life cycle of certificates deployed to the mobile devices.

ManageEngine Key Manager Plus integrates with enterprise MDM to seal gaps in mobile certificate management  

Key Manager Plus, through its integration with ManageEngine’s comprehensive MDM solution Mobile Device Manager Plus, facilitates end-to-end life cycle management of digital certificates deployed to mobile devices across the corporate network. Listed below are some of the certificate management operations that can be performed on certificates deployed to mobile devices.

On-demand certificate discovery

Key Manager Plus establishes a secure API connection with the Mobile Device Manager Plus server and discovers the certificates that are deployed to mobile devices within the network through Mobile Device Manager Plus.

Certificate import and deployment

The certificates discovered by Mobile Device Manager Plus can then be imported into Key Manager Plus’ centralized certificate repository. Key Manager Plus also facilitates deployment of certificates from the certificate repository to specific mobile device platforms directly, without the need for navigating to the Mobile Device Manager Plus interface.

Timely expiration alerts

Key Manager Plus continuously monitors the validity of certificates deployed to mobile devices, and sends automated alerts to administrators when a certificate is about to expire. The notification window for these alerts can be customized. This enables IT administrators to attain complete visibility and control over mobile device certificates, facilitating uninterrupted connections to corporate assets for legitimate access requests.

Instant, comprehensive reports

Using Key Manager Plus, IT administrators can generate on-demand or scheduled reports on mobile device certificates to effectively track the use of certificates deployed to devices across the network. Reports can be filtered according to the date of import or the OS platform, and can be exported as PDF or CSV files and sent to specific recipients for further action.

If you’re on the lookout for a key management solution that’s inclusive of mobile device certificate management, try Key Manager Plus. Click here to claim your 30-day, free trial of the full version of Key Manager Plus. You can also schedule a free, personalized demo with a product expert, or send your questions to us at keymanagerplus-support@manageengine.com.

Key Manager Plus is a part of ManageEngine’s privileged access management (PAM) suite of solutions. Beyond digital identity management, this suite provides solutions for enterprise privileged access security, privileged account management, and privileged session management, making it the one-stop shop for IT security teams looking to secure all kinds of privileged access within the enterprise.

 

Shwetha
Product marketer, Privileged Access Management