We are excited to announce the general availability of Certificate-based Enrollment for Zero Trust Access (ZTA). This new enrollment method allows administrators to seamlessly onboard users on Windows and macOS devices using identity certificates, without requiring any user action. Organizations can now leverage their existing certificate infrastructure for a secure and streamlined onboarding experience.
Key Benefits and Use Case
- Seamless User Experience: Enrollment occurs silently in the background, eliminating the need for user intervention
- Enhanced Security: Identity certificates tied to specific users ensure strong authentication and compliance with Zero Trust principles
- Operational Efficiency: Integration with corporate Certificate Authorities (CAs) simplifies deployment, reduces manual effort, and minimizes administrative overhead
This feature is ideal for organizations looking to enhance security while reducing user friction during the onboarding process, particularly in environments with stringent compliance requirements or large-scale device deployments.
Getting Started
To enable Certificate-based Enrollment for your organization, follow these steps:
- Navigate to Connect > End User Connectivity in Cisco Secure Access
- Click the Zero Trust Access tab and select Manage in the Enrollment Methods section
- Upload or choose a CA certificate with ZTA enrollment as the purpose
- Download the enrollment configuration file and install it on user devices that have a valid identity certificate
- Once the configuration file is installed, enrollment occurs automatically when the user signs in to their device
Documentation and Resources
Best Practices
- Ensure all user devices use the latest Secure Client release (currently 5.1.9)
- Update and distribute enrollment configuration files if CA certificates are replaced or updated
We are confident that this new feature will simplify your Zero Trust Access deployments while enhancing security and operational efficiency. Feel free to post a comment below if you have any questions or require further information.