IoT Edge Enroll

PKI Device Registration Authority (RA) as a Service

The complexity of PKI-based identity enrollment and management can be daunting. That’s why GlobalSign has developed Edge Enroll, a first-of-its-kind device Registration Authority as a Service to perform identification and authentication of certificate applicants.

A Registration Authority as a cloud-based managed service is a novel approach to the challenge many device manufacturers and operators face in finding, employing and retaining top-notch PKI and RA experts to develop, set up and manage device identity provisioning. It puts the power of professionally developed RA services in the hands of CISOs, PKI managers, and IT and OT managers tasked with secure PKI device enrollment. GlobalSign's implementation teams guide RA setup, in some instances eliminating the need for in-house PKI or RA developers altogether. Service level agreements ensure high-level RA operation and performance following setup.

Facilitate and optimize device enrollment

Edge Enroll accelerates RA setup and operation via the use of pre-developed workflows. Our PKI experts created pre-configured policy definitions, certificate profiles, and device enrollment practices that suit common IoT use cases while still leaving room for customization, freeing up your time to concentrate on your core product development. For unique use cases, our PKI experts offer professional services to customize RA configuration with modular plug-ins to the extensible RA framework.

Edge Enroll enables and optimizes identity authentication, verification, issuance and re-issuance of identities to IoT devices, with proven functionality that reduces implementation risk and eliminates the costly operational expense and liability of an on-premise RA. Enrollment servers connecting via the EST API speed integration.

The Device Lifecycle Manager is a powerful RA admin function

Every IoT endpoint needs a device identity, and every IoT device identity has a lifecycle. Edge Enroll’s Device Lifecycle Manager lets you manage those identities throughout their lifecycles, providing an unprecedented level of control. Its extensive feature set consolidates RA functionality into manageable components, enabling effective management without specific PKI and RA expertise.

Customize configurations to suit individual IoT ecosystems; generate, store and retrieve private and public key pairs; define, set, manage and store device verification rules or use plug-ins to connect to external stores for secure device and policy storage.

The Device Lifecycle Manager lets authorized administrators view enrolled or whitelisted devices and their statuses via the device store. It grants access to the certificate store to manage certificate expiry, renewals, whitelists, and re-enrollments. Admins can even follow the identity enrollment history to view when and how an identity was enrolled and managed.

Harden your IoT attack surface for data, devices, and communications to the cloud

Edge Enroll is part of GlobalSign’s layered approach to IoT security. It is part of our proven, PKI-based IoT Identity Platform backed by our globally trusted Certificate Authority (CA) and delivers a secure, controlled and commercial grade device enrollment environment that protects device identities. It defines methods and credentials of identity verification based on unambiguous, unique identifiers for strong identity authentication and stores the certificates and device identities within the RA. Users gain hardened authentication layered on top of a hardened IoT Identity Platform for exceptional security.

Compete like a security pro on an established, high-performance IoT Identity Platform

Edge Enroll operates as a key component of our IoT Identity Platform, a scalable, high-performance certificate issuance engine. As a commercial grade RA and device identity management service, Edge Enroll levels the playing field for IoT device manufacturers and operators looking for a cloud-based, packaged RA solution that offers the reliability, availability, and scalability of a well-designed commercial registration authority at a fraction of on-premise setup, management and maintenance costs.

Standard communication protocols (EST for the device API, and a RESTful Device Lifecycle Manager API with Golang client libraries) ensure interoperability. Edge Enroll is a star player on our IoT security lineup designed to secure, simplify and accelerate the addition of IoT security for device manufacturers and operators.

Who is Edge Enroll for?

  • Device manufacturers and operators securing their connected products with digital-certificate authenticated identities
  • Device manufacturers and operators looking to reduce the costly operational expense and liability of on-premise device registration, and enrollment set-up and management
  • Semiconductor manufacturers producing smart chips with built-in identity to create competitive advantage for downstream supply chain security
  • IoT developers and organizations wanting to manage unique device identities throughout their lifecycles


  • Powerful, cloud-based device Registration Authority as a Service
  • Simplified implementation and management of device enrollment
  • Hardened security via stringent device enrollment authentication and policy enforcement, communication encryption and secure identity storage
  • The most comprehensive commercial RA feature set available, built on a single framework
  • Expert guidance for RA setup with pre-configured workflows and certificate profile templates
  • Interoperable integrations with EST API
  • Minimizes the impact of security integration, enabling device manufacturers and operators to focus on their core IoT innovations


Device Lifecycle Manager – the control hub for all Edge Enroll functions including:

  • Policy Manager
  • User Manager
  • Identity Inventory
  • CA account manager
  • Auditing

Edge Enroll – Direct integration with GlobalSign CA for production certificates

  • Key generation
  • Policy enforcement
  • Enrollment servers
  • CSR generation
  • Certificate Templating
  • Pre-configured workflows