IoT Device Identity Lifecycle

Simplify PKI device enrollment with IoT Edge Enroll,a market leader


How We Became a Market Leader

Among IoT Device Identity Management solutions, research firm ABI Research has named GlobalSign an IoT Device Identity Management market leader! According to the firm's 2022 second quarter report, our IoT Edge Enroll is one of the very best tools on the market today to keep IoT devices secure.

With proper PKI device enrollment being needed to provision unique, strong, secure device identities, IoT Edge Enroll is a full-featured registration authority service that ensures simple, optimized device enrollment. A key component of our PKI-based IoT Identity Platform, IoT Edge Enroll enables Device Identity Lifecycle Management and offers the most comprehensive, flexible, commercial PKI device enrollment feature set available.


Watch product video

Extensible and Secure

IoT Edge Enroll is built on a modular, extensible framework making it flexible for evolving and emerging cross-platform IoT needs. IoT Edge Enroll:

  • Is fully integrated with GlobalSign’s Certificate Authority (CA) so customers can select the root of trust they need.
  • Uses standards-based device enrollment protocols with dedicated enrollment servers, to speed integration and maintain secure interoperability. Enrollment over Secure Transport (EST RFC 7030), EST Client, and CMP v2.
  • Includes support for secure elements such as SRAM PUF, Secure MCUs, HSMs and TPMs including TPM 2.0 identity attestation integration.
  • Uses custom x .509 certificate profiles and templates to tackle tough IoT requirements that according to RFC 5280 “meet the requirements of specialized application domains or environments with additional authorization, assurance, or operational requirements” and can be applied to all types of x .509 certificates.
  • Integrates with top IoT platforms and cloud applications including Azure IoT Hub, DPS, and Edge, AWS IoT Core and Arm Pelion.

Key Features

Certificate Templating Engine for Exacting Enrollment - Leverage custom certificate fields and data to deliver maximum flexibility for unique IoT authentication requirements.

Device Identity Manager for Admin Control - Manage unique device identities throughout their lifecycles including certificate auditing and reporting, device whitelist management, device enablement/disablement and enrollment eligibility.

Enrollment Policy Engine for Enhanced Security - Configure trust chains by defining enforcement rules to easily set the level of authentication for enhanced security and compliance.

Plug-in Architecture for Customizing Enrollment - Build integrations to 3rd party data sources for enrollment attestation requirements or to build certificate templating enrollment and authentication rules.

Custom Workflows Address Unique IoT Use Cases - Enrollment workflows accommodate each individual IoT use case based on specific parameters, while still maintaining a predictable, repeatable and secure enrollment process.

IoT Edge Enroll simplifies PKI device enrollment set up and integration, optimizes IoT device enrollment operation, and hardens IoT security and authentication.

Who is IoT Edge Enroll for?

  • IoT device manufacturers including components with certificate-authenticated identities (IDevIDs) in their connected products
  • Critical infrastructure operators looking to reduce costly operational expenses and liability of on-premise device registration, enrollment and management
  • Semiconductor manufacturers producing identity-embedded microcontrollers or Trusted Platform Module (TPM) chips to create competitive advantage for downstream supply chain security
  • IoT developers wanting to secure device identity from production to deployment through end of life



  • Powerful, cloud-based device Registration Authority as a Service

  • Simplified implementation and management of device enrollment

  • Optimize enrollment operation according to best known standards

  • Hardened security via stringent device enrollment authentication and policy enforcement, communication encryption and secure identity storage

  • The most comprehensive commercial RA feature set available, built on a single framework

  • Expert guidance for RA set up with pre-configured workflows and certificate profile templates

  • Interoperable integrations via RESTful API or custom developed plugins

  • Minimizes the impact of security integration, enabling device manufacturers and operators to focus on their core IoT innovations

Learn How to Optimize Your IoT Device Enrollment

By submitting this form, a GlobalSign Product Specialist will contact you.

By submitting this form, a GlobalSign Product Specialist will contact you.