Smallstep

Smallstep (also known as Smallstep Labs) is a B2B SaaS security company focused on device identity and certificate-based access control. The company developed an open-source certificate authority and PKI (Public Key Infrastructure) toolchain, which has been adopted broadly, including by a significant portion of Fortune 100 companies. Smallstep's core platform centers on high-assurance device identity, enabling organizations to enforce that only company-owned and managed devices can access sensitive applications, systems, and resources. The company partnered with Google and Apple to develop standards for hardware-bound device identity, binding access credentials to device hardware to reduce the risk of credential theft or misuse. The platform integrates with existing device management and endpoint solutions (such as Jamf) and supports a range of access scenarios including Wi-Fi, VPN, Zero Trust Network Access (ZTNA), public SaaS applications, internal web applications, cloud APIs, and more. Smallstep also offers integrations with identity providers such as Okta. Key product areas include: Privileged Access Management, Network Encryption and Workload Identity, and Managed Devices and Enterprise IT. Their open-source project, Step Certificates, provides automated certificate management using protocols such as ACME. Smallstep targets enterprise organizations seeking to enforce Zero Trust principles by tying authentication and access control to verified device identity rather than solely to user credentials. The company is headquartered with a distributed remote team and is venture-backed.