IronWiFi
Cloud PKI Hero

Passwordless WiFi with Cloud-Managed Certificates

Stop relying on shared passwords and credential sprawl. IronWiFi's Cloud PKI gives you a fully managed private CA, automated certificate lifecycle, and seamless MDM integration — so every device authenticates with a unique, unforgeable certificate.

Certificate-Based WiFi, Without the Infrastructure

Six capabilities that make deploying passwordless WiFi straightforward

Zero-Touch Certificates

Deploy certificates to managed devices without any user interaction. SCEP and EST protocols push certificates through your existing MDM — Intune, Jamf, or Workspace ONE.

  • SCEP & EST protocol support
  • Intune, Jamf, Workspace ONE
  • Silent provisioning
  • No user action required

Private CA as a Service

Your own private Certificate Authority, fully managed in the cloud. No hardware security modules, no CA servers to maintain — just issue, renew, and revoke certificates from a web console.

  • Dedicated root & intermediate CAs
  • RSA 2048/4096 & ECC keys
  • CRL & OCSP responder included
  • Audit log for every operation

Certificate Lifecycle Dashboard

See every certificate at a glance — active, expiring, revoked. Get notified before certificates expire and track which devices are using which certificates.

  • Expiration alerts (30/14/7 days)
  • Certificate-to-device mapping
  • Issuance & revocation history
  • Bulk operations

MDM Integration

Connect to your existing device management platform. IronWiFi works with Microsoft Intune, Jamf Pro, VMware Workspace ONE, and Google Endpoint Management.

  • Microsoft Intune (SCEP connector)
  • Jamf Pro (AD CS profile)
  • Workspace ONE (certificate template)
  • Google Endpoint Management

Automatic Renewal

Certificates renew themselves before they expire. MDM-managed devices get new certificates silently; portal-enrolled users receive a one-click renewal link.

  • Pre-expiry auto-renewal via MDM
  • Email renewal reminders
  • One-click portal renewal
  • Zero WiFi downtime

Instant Revocation

Lost laptop? Terminated employee? Revoke a certificate and the device loses WiFi access in seconds — not hours or days. No password resets across the entire network.

  • One-click admin revocation
  • User self-service revocation
  • Real-time CRL propagation
  • OCSP stapling support

How It Works

Two paths to passwordless WiFi — choose what fits your organization

Managed Devices (MDM Path)

For corporate-owned devices already enrolled in Intune, Jamf, or Workspace ONE. Create a SCEP profile pointing to IronWiFi's CA, push the WiFi configuration, and certificates deploy silently. Users never see a prompt — they just connect.

BYOD & Unmanaged (Portal Path)

For personal devices and contractors. Share an enrollment link or QR code. Users authenticate with their existing credentials (SSO, LDAP, or email), and the portal provisions a certificate and WiFi profile automatically — works on Windows, macOS, iOS, Android, and ChromeOS.

Included with Employee WiFi. No Add-Ons Required.

Every Employee WiFi plan includes Cloud PKI with certificates, SCEP automation, and full lifecycle management. Deploy passwordless WiFi to your entire organization at no extra cost.

Frequently Asked Questions

What is Cloud PKI and why do I need it for WiFi?

Cloud PKI (Public Key Infrastructure) lets you authenticate WiFi users with digital certificates instead of passwords. Certificates can't be shared, phished, or brute-forced — making your WPA-Enterprise network fundamentally more secure. IronWiFi manages the entire certificate lifecycle in the cloud, so you don't need to run your own CA infrastructure.

How do certificates get onto user devices?

There are two paths: MDM-managed devices receive certificates automatically through Intune, Jamf, or Workspace ONE via SCEP/EST protocols. For BYOD or unmanaged devices, users visit the IronWiFi Enrollment Portal, authenticate once, and receive their certificate and WiFi profile automatically — no IT intervention required.

Can I migrate from password-based WiFi to certificates?

Yes. IronWiFi supports running both authentication methods simultaneously, so you can migrate gradually. Start by enrolling managed devices via MDM, then roll out the enrollment portal for remaining users. Most organizations complete the transition within 2-4 weeks.

What happens when a certificate expires or a device is lost?

IronWiFi handles both scenarios automatically. Certificates nearing expiration trigger renewal notifications and can be auto-renewed through MDM. Lost or stolen devices can be revoked instantly from the admin console or by the user through the self-service device portal — the device loses WiFi access immediately.

Ready to Eliminate WiFi Passwords?

Start a 14-day free trial with Cloud PKI included. Deploy certificates to your first devices in under an hour.

Start 14-Day Free Trial See Pricing