Smallstep Device Identity is a certificate-based device identity platform designed to ensure that only authorized, company-owned devices can access enterprise resources. The platform leverages ACME Device Attestation (ACME DA), a standard co-developed with Google at the IETF, which uses hardware co-processors for device attestation and key binding. This approach replaces older protocols like SCEP and is designed to prevent credential exfiltration, phishing, and impersonation attacks. Core use cases include: - Certificate-based Wi-Fi access using EAP-TLS - Enforcing device identity in SSO flows for SaaS applications - Device identity enforcement for VPNs and Zero Trust Network Access (ZTNA) - Certificate management for DevOps workloads and VMs - Extending single sign-on and device identity to SSH The platform provides cross-platform support covering Linux, macOS, Android, iOS, and Windows — addressing a gap left by traditional MDM tools that typically lack Linux support. It covers four foundational components of device identity: device inventory, configuration, credential issuance, and enforcement. Smallstep Device Identity also extends identity coverage to non-human actors, including AI agents, MCP clients, MCP servers, and model runtimes. It handles the full certificate lifecycle for device identities and can integrate with existing certificate authorities or replace them.