Target
This feature is available to customers using Access Control.
Notes
- Tenant Certificates are available to customers subscribed to the HENNGE One Pro / IdP Pro plan.
- If you do not have a HENNGE One Pro / IdP Pro subscription, or if you are a reseller interested in this feature, please contact us using the form below.
https://hennge.com/jp/service/one/form/ - If you already have a HENNGE One Pro / IdP Pro subscription and would like to discuss this feature, please contact the HENNGE One support desk or your implementation representative.
- If you do not have a HENNGE One Pro / IdP Pro subscription, or if you are a reseller interested in this feature, please contact us using the form below.
Content
The HENNGE Tenant Certificate is a client certificate issued by our certificate authority.
It is intended to be distributed and used via third-party MDM services.
The existing Device Certificates use Cybertrust's certificate authority, and you can check the association with device identification information on the Access Control admin console.
In contrast, the HENNGE Tenant Certificate is a feature specialized for distribution via MDM services, and to reduce the burden on end users when installing client certificates, the Access Control service server cannot confirm the owner or the device information where the certificate is installed.
Please do not use this feature in operations where the admin cannot strictly manage the devices where certificates are installed.
Before using this feature, please be sure to review the following prerequisites and notes.
Comparison with Existing Feature (Device Certificates)
| Tenant Certificate | Device Certificate | |
| Association with device information | No association; can be installed on any device | Associated one-to-one with the target device information; can only be installed on a specific device |
| Certificate distribution method | Admin installs the same certificate on target devices using MDM, etc. | Users install the certificate on their own devices |
| Usage method | User ID and password entry required | User ID and password entry not required depending on settings |
| Impact when a device with a distributed certificate is lost | Affects all users; certificate revocation → reissue → redistribution to all devices is required. | No impact on other users; only the certificate on the affected device needs to be revoked. |
| Number of certificates available | No limit to the number of devices a single certificate can be distributed to | Number of certificates issued depends on contract |
| Certificate validity period | 13 months from issuance | 5 years from issuance |
Preparation
Preparing the MDM Service
Depending on the specifications of the MDM service, there may be cases where distribution to certain OSs is not possible or there are operational restrictions.
Please check with your MDM service provider in advance regarding supported OSs and versions.
Notes for Using HENNGE Tenant Certificates
Before using HENNGE Tenant Certificates, please make sure you understand the following points.
- Issues and distribution procedures that occur on the MDM service side regarding the distribution and use of HENNGE Tenant Certificates are not supported by us.
Please contact your MDM service provider. - Any documentation introducing MDM service specifications or admin screens published on the Help Center, etc., as part of HENNGE's customer success activities, is currently provided on a best-effort basis.
-
You cannot directly manage device information for distributed certificates from the Access Control admin console. Therefore, for Tenant Certificates distributed to each device, the admin must accurately track and manage them on the MDM service side.
Additionally, since Tenant Certificates are in p12 file format, they can be easily installed or exported to any device without an installer. Due to this characteristic, The password required for installation must be strictly managed by the admin.If the password is shared with users, please understand that not only the user but also unintended third parties may be at increased risk of installing the certificate on unauthorized devices.
-
There are some devices, such as certain OSs, where Tenant Certificates cannot be distributed.
For the supported environments for HENNGE Tenant Certificates, please refer to the following.
HENNGE One Supported Environments