GlobalSign Blog

Auto Enrollment Gateway - A Path to Certificate Automation and Provisioning

Auto Enrollment Gateway - A Path to Certificate Automation and Provisioning

Security is a critical concern for today's enterprises and their customers, especially with many employees pivoting to remote work over the past couple of years. To protect their most valuable and sensitive data, IT teams have been tasked with authenticating the users and devices accessing resources within their organization while ensuring data flows securely through their networks. This requires an incredible amount of time and expertise to manage.

To overcome challenges these challenges, Auto Enrollment Gateway, our robust certificate automation tool, facilitates a smooth and secure migration from on-premises to the cloud. Our solution ensures continuous uptime, eliminates the interruption of mission-critical operations due to invalid certificates, and provides employees with remote, secure access to company networks.

Our solution is a scalable managed PKI solution for enterprise environments utilizing various platforms and devices. The newest iteration of this valuable tool acts as a direct gateway between Atlas, GlobalSign's next-generation cloud Certificate Authority, and your Active Directory - effectively extending its reach to every endpoint on your network.

The intuitive user interface and provisioning capabilities make it easy to centralize, automate, and control all certificate activity across an organization. The Auto Enrollment Gateway can enroll and issue certificates for all Active Directory objects, including users, servers, desktops, laptops, and Domain Controllers.


  1. PKI Automation: Our Solution automatically issues and install certificates silently behind the scenes – without the need for employee intervention and creates a seamless end-user experience.
  2. Simplified PKI Management & Reporting: The AEG user interface makes it easier for administrators to manage enrollment options and protocols and helps in generating custom exportable reports.
  3. SAAS CA by a Trusted Partner: Outsourcing cryptography and PKI services to GlobalSign, a globally trusted CA and trust services provider, reduces the risk associated with supporting an in-house PKI operation while freeing IT to focus on core competencies.
  4. Mixed-Endpoint Environments: Auto Enrollment Gateway automates certificate issuance and management for Windows, MacOS, Linux, mobile, and networking device endpoints.
  5. Range of Use Cases: AEG comes with a wide range of pre-designed certificate templates support a variety of use cases, including S/MIME auto-deployment, smartcard logon, digital signatures for Microsoft Office documents, EFS, SSL, client authentication, DevOps and more.
  6. Key Archival, Recovery & Key Roaming: AEG securely archives encryption keys to later be recovered by the users they are issued to as well as roamed to other machines they are logged into, mitigating the risk of data loss and reducing the need for duplicate certificates and keys.


Our solution is integrated with Active Directory and supports SCEP and ACMEv2 protocols while providing quick, seamless certificate registration and provisioning, as well as key archival and recovery - without sacrificing control. Certificates can be issued from a dedicated private issuing CA hosted by GlobalSign and/or from GlobalSign’s public CA (for security applications that require public trust), all based on GlobalSign’s universally available and secure world-class infrastructure.



  1. Powered by ATLAS: Atlas is GlobalSign’s next-generation cloud CA. AEG sits on the edge of your network and serves as a direct portal to the world’s most powerful CA. Atlas shoulders everything, standing available any time – at any volume – for your certificate issuance needs.
  2. Simpler Transition to Remote Work: AEG is a ready-made solution for taking your organization remote. The ability to automate the enrollment of new endpoints and certificate provisioning for those endpoints allows you to onboard any employee, anytime, anywhere – saving you time and overcoming major logistical burdens.
  3. Simplified Certificate Management: Managing an in-house PKI can take up to a third of an IT manager’s time. Your team’s time is valuable, and the tedium of management can lead to mistakes. AEG helps automate this work with its certificate management capabilities, freeing IT from the bulk of its PKI burdens.
  4. Publicly Trusted: GlobalSign is a globally trusted certificate authority and an accredited Qualified Trust Service Provider (QTSP) in the EU. Beyond client certificates, GlobalSign can help you with:
    • Digital Signing
    • Code Signing
    • S/MIME
    • Client Authentication
    • SSL/TLS
    • Timestamping
    • OCSP
  5. Cost Effective: Managing in-house PKI is tedious and time-consuming. And in a remote work environment, enrolling and provisioning certificates is even more complicated for already-overworked IT and security teams. AEG will help you save money. It is far cheaper to work with an experienced CA partner like GlobalSign than to go it alone.


AEG allows you to leverage your existing internal systems, working seamlessly with a wide array of network environments and using cross-platform agents that can enroll and provision certificates for devices running any OS. And it runs on the most powerful CA engine in the world, Atlas.

The workload scales commensurately with your organization’s growth, making it challenging to stay on top of management and maintenance. With such a massive workload, important functions like crypto agility fall through the cracks. Auto Enrollment Gateway isn’t just a turnkey solution for remote work and a better way to manage your existing PKI, it effectively unlocks a world of use cases. And since the technical backend is managed by GlobalSign, an internationally recognized Certificate Authority for over 20 years, your IT and security teams will be liberated to work on other needle-moving endeavors.

Connect with us today to get started!


Share this Post

Related Blogs