Enterprise Connect PKI


Enterprise Connect PKI


Enterprise Connect PKI provides a secure connection for Mac users with a PIV smart card or certificate-based identity to an Active Directory (AD) domain. This allows users to authenticate to websites, file servers, printers, SharePoint, or any other Kerberos-enabled resources. Enterprise Connect PKI automatically reestablishes the SSO trust to AD 
when the smart card is connected to your Mac 
and AD is available.


Enable your Mac users—easily.

With Enterprise Connect PKI, you can help your Mac users 
access AD resources—without binding the Mac to AD and without users calling IT. When you purchase Enterprise Connect PKI, an engineer will join you at your location to provide valuable insights on deploying Enterprise Connect PKI based on your existing PKI infrastructure. The engineer will help you develop a deployment plan, assist with creating MDM payloads and custom trigger scripts, and coach you on Enterprise Connect PKI features and best practices.


  • macOS Sierra 10.12 (or later)

  • Active Directory 2008 (or later)

Kerberos single sign-on

  • Automatically acquire and renew a Kerberos Ticket Granting Ticket

  • Authenticate to Kerberos-enabled services

  • Connect to file shares, print queues, and 
so on

  • Leverage local and/or AD mobile accounts

Password management

  • Display password requirements with live validation during password changes

  • Notify users when their passwords will expire via Notification Center, even while offline

  • Sync Mac login password with AD password

Network share management

  • Mount users’ network home directories

  • Mount explicit shares, such as group shares

  • Remount shares automatically

  • Support for SMB, AFP, or DFS 

Customization and automation

  • Execute custom scripts at specific triggers

  • Audit script to ensure security compliance before every AD authentication

  • Connection completed script performs 
an action after every connection to AD

  • Can work with Centrify and YubiKey

  • You can enable/disable tokend or CryptoTokenKit


Have questions? Contact us >