Axiad Conductor for Non-human Identities (NHI)

Axiad Conductor can be used to authenticate your machine identities instead of or in addition to your human identities. As a standalone service, you can easily incorporate this Axiad solution into your environment.

Overview

Axiad Conductor for Non-human Identities (NHI) is a Public Key Infrastructure (PKI) authentication platform that authenticates your machines through transparent certificate generation and validation.

The solution includes a dedicated private Root CA and a dedicated private Issuing CA (signed by the Root CA) as the default topology, but it can be fully customized with additional Certificate Authorities (CAs) to address distinct needs, with all private keys securely stored in a dedicated partition on a FIPS 140-2 Level 3 Hardware Security Module (HSM).

Axiad Conductor NHI is a fully integrated component of the product that enables you to effortlessly issue digital identities to your users; and it supports a range of industry protocols (CMPv2, SCEP, ACME, EST, etc.) and connectors (Intune, AEP, Venafi, AppViewX, and more) to automate certificate distribution to devices and services, keeping your entire certificate-based authentication (CBA) from the same source.

Integrations

Axiad Conductor NHI integrates with various resources to automate the certificate lifecycle:

• AppViewX and Venafi for orchestration

• Microsoft for automated enrollment and renewal using GPOs

• Intune, MobileIron, and Jamf MDM products

Axiad NHI NextGen

Executive-Level Summary

Migrating from the current Axiad NHI to Axiad NHI NextGen delivers:

• Automated certificate lifecycle management (ACME)

• PQC readiness and crypto agility

• Backward-compatible modernization

• Alignment with reduced certificate lifetimes

• Lower operational overhead

• Improved compliance posture

• Future-proof cryptographic architecture

Automation & Modern Enrollment (ACME-Native Architecture)

Axiad NHI NextGen introduces standards-based automation using ACME (RFC 8555), enabling:

• Fully automated certificate issuance and renewal

• Zero-touch provisioning for workloads and devices

• Reduced manual CSR workflows

• Integration with DevOps pipelines and cloud-native workloads

• Alignment with modern machine identity practices

Impact:

• Lower operational overhead

• Reduced certificate expiration incidents

• Stronger security posture via automated renewal

• Better scalability for machine identities

This becomes increasingly critical as certificate lifetimes shrink and renewal frequency increases.

Post-Quantum Cryptography (PQC) Readiness

Axiad NHI NextGen is architected with crypto agility in mind, positioning the organization for:

• Future support of NIST-selected PQC algorithms (e.g., ML-DSA, ML-KEM)

• Hybrid certificate models (classical + PQC)

• Algorithm transition without infrastructure replacement

• Long-term compliance with emerging federal and enterprise mandates

Why this matters:

• “Harvest now, decrypt later” threats are real for long-lived data

• U.S. federal agencies and regulated sectors are already planning PQC transitions

• Current Axiad PKIaaS architecture lacks native agility for algorithm swaps

Axiad NHI NextGen provides a forward-compatible trust foundation rather than a legacy cryptographic stack.

Backward Compatibility & Integration Continuity

While modernizing, Axiad NHI NextGen maintains compatibility with:

• Existing APIs (AEP)

• SCEP-based device enrolment

• Microsoft Intune integration

• Current enterprise workflows

Result:

• No forced rip-and-replace

• Controlled migration path

• Reduced disruption to operational teams

• Preservation of existing ecosystem investments

This lowers migration risk while enabling modernization.