4 changes: 2 additions & 2 deletions certificate-manager/README.mdx
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
---
updated_at: September 17, 2025
updated_at: November 06, 2025
title: Getting Started with Smallstep Certificate Manager
html_title: Certificate Manager Documentation Hub Overview
description: Complete guide to Smallstep Certificate Manager. Simplify enterprise PKI with automated certificate lifecycle management at scale easily.
---

Smallstep Certificate Manager is a commercial product built on `step-ca` that delivers a highly available hosted certificate authorities, expiry notifications and alerts, a management dashboard, Active Revocation, API, and other features. With Smallstep Certificate Manager, you can easily issue private TLS/SSL certificates to all your things. [Learn more here.](https://smallstep.com/certificate-manager)
Smallstep Certificate Manager is a commercial product built on `step-ca` that delivers a highly available hosted certificate authorities, expiry notifications and alerts, a management console, Active Revocation, API, and other features. With Smallstep Certificate Manager, you can easily issue private TLS/SSL certificates to all your things. [Learn more here.](https://smallstep.com/certificate-manager)

If you need to manage devices or workloads that are not supported yet, then you can use Certificate Manager to tinker a solution.
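Review bot: the rewritten product sentence still reads "delivers a highly available hosted certificate authorities", mixing a singular article with a plural noun. Since this line is already being changed for the dashboard-to-console rename, fix it in the same pass, for example "delivers highly available hosted certificate authorities".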

4 changes: 2 additions & 2 deletions certificate-manager/basic-ops.mdx
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
updated_at: September 17, 2025
updated_at: November 06, 2025
title: Smallstep Certificate Manager Basic Certificate Operations
html_title: Basic Certificate Manager Operations Guide
description: Essential Certificate Manager operations for daily use. Learn certificate issuance, renewal, revocation, and monitoring workflows.
Expand Down Expand Up @@ -40,7 +40,7 @@ In this command, we are asking the CA to create a certificate with the following
* `--san myservice.internal.mycompany.net` - Add an additional SAN to the certificate, with the specified value
* `--not-after 24h` - Set the certificate to expire after 24 hours

When you run this command, it will envoke the `authority-admin` provisioner and start a single sign-on flow via the smallstep dashboard.
When you run this command, it will envoke the `authority-admin` provisioner and start a single sign-on flow via the smallstep console.
After a successful sign-in, the authority will issue the certificate.

### Step 2 - Inspect a test certificate
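Review bot: the changed sentence keeps the typo "envoke"; it should be "invoke the `authority-admin` provisioner". The product name is also lowercase here ("smallstep console") while other files in this change write "Smallstep console", so capitalize it while the line is open.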
8 changes: 4 additions & 4 deletions certificate-manager/getting-started.mdx
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
updated_at: September 17, 2025
updated_at: November 06, 2025
title: Smallstep Certificate Manager Getting Started
html_title: Get Started with Certificate Manager Guide
description: Get started with Certificate Manager in minutes. Quick setup guide for enterprise certificate automation and PKI management with best practices.
Expand Down Expand Up @@ -30,18 +30,18 @@ Creating a team gives you access to Smallstep's products.
Click [here](https://smallstep.com/signup?product=cm) to create a team.
You will be asked to provide:
* `Team Name` - Usually, this is your company name.
* `Team URL` - This is where you will access the smallstep dashboard and will also be the base domain for the CA URL for any Authorities you create.
* `Team URL` - This is where you will access the smallstep console and will also be the base domain for the CA URL for any Authorities you create.
* `First & Last Name` - Smallstep Team administrator's name.
* `E-mail` - Smallstep Team administrator's e-mail address.
* `password` - This password is used to login into the Smallstep dashboard
* `password` - This password is used to login into the Smallstep console

Smallstep team admins can subscribe to and manage Smallstep products.

### step 2 - Create an Authority
A Certificate Manager Authority is an online CA that authenticates and authorizes certificate requests.
It can issue, renew, and revoke your x.509 TLS certificates.
To create an Authority:
* Log into the smallstep dashboard, select the Certificate Manager tab, and click the "Add Authority" button.
* Log into the smallstep console, select the Certificate Manager tab, and click the "Add Authority" button.
* Choose "Create a new hosted Authority".
* Give your Authority a name and subdomain value (the URL path you wish to use for your online CA).
* Choose "Create"
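Review bot: capitalization of the product name is inconsistent within this hunk: the `Team URL` bullet and the "Log into the smallstep console" bullet use lowercase, while the `password` bullet uses "Smallstep console". Pick "Smallstep console" throughout. In the `password` bullet, "used to login into" should also be "used to log in to", since that line is being edited anyway.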
6 changes: 3 additions & 3 deletions certificate-manager/how-it-works.mdx
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
updated_at: September 17, 2025
updated_at: November 06, 2025
title: Smallstep Certificate Manager How It Works
html_title: Certificate Manager Architecture Guide
description: Technical architecture of Certificate Manager. Understand components, workflows, and security model for enterprise PKI deployment planning.
Expand Down Expand Up @@ -41,7 +41,7 @@ configuration management, or use
or [`step ca root`](https://smallstep.com/docs/step-cli/reference/ca/root) to
securely download your root certificate from an issuing authority. You can also
download the root certificate for your authorities from the Certificate Manager
dashboard.
console.

- [`step ca bootstrap`](https://smallstep.com/docs/step-cli/reference/ca/bootstrap)
configures `step` to trust your root CA and use a particular issuing
Expand Down Expand Up @@ -159,7 +159,7 @@ default for the `OIDC` provisioner).
Some use cases demand an option to renew expired certificates.
For example, intermittently-connected devices may not be able to reach the CA in time for a renewal.
The ability to renew expired certificates can be enabled on a per-provisioner basis.
Enable it in the Smallstep dashboard when you create a new provisioner,
Enable it in the Smallstep console when you create a new provisioner,
or on the command line for an existing provisioner.
While sometimes necessary, this feature comes with risks and is disabled by default.

5 changes: 3 additions & 2 deletions certificate-manager/oidc.mdx
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
---
updated_at: November 06, 2025
title: Smallstep Certificate Manager Single Sign-on Certificates
html_title: Smallstep Certificate Manager single sign-on certificates for humans
description: Connect your IDP to Smallstep Certificate Manager and issue certificates to your developers.
Expand Down Expand Up @@ -76,7 +77,7 @@ Use the following command as a template for adding an OIDC provisioner.
</Alert>


This command requires Administrator privileges on the Authority. The terminal will prompt you to enter your email and perform a single sign-on flow via the smallstep dashboard.
This command requires Administrator privileges on the Authority. The terminal will prompt you to enter your email and perform a single sign-on flow via the smallstep console.

<CodeBlock language="shell-session" >
{`No admin credentials found. You must login to execute admin commands.
Expand All @@ -86,7 +87,7 @@ Your default web browser has been opened to visit:`}
</CodeBlock>

Upon completion, your OIDC provisioner will be created.
It will appear on your smallstep dashboard authority detail page.
It will appear on your smallstep console authority detail page.

### Step 3 - Enable self-service single sign-on certificates.
From the user's perspective, when requesting a certificate, `step` detects the OIDC provisioner and initiates the OAuth login flow automatically:
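Review bot: "It will appear on your smallstep console authority detail page" stacks three nouns after the rename and is hard to parse. Suggest "It will appear on the authority detail page in the Smallstep console", which also fixes the lowercase product name.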
4 changes: 2 additions & 2 deletions platform/enrollment-guide.mdx
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
updated_at: September 17, 2025
updated_at: November 06, 2025
title: Device Enrollment Guide
html_title: Device Enrollment Implementation Guide
description: Step-by-step guide for device enrollment and inventory management. Set up secure certificate enrollment for all enterprise devices.
Expand Down Expand Up @@ -94,6 +94,6 @@ create a user using the following value
```

Once added,
you'll see the device in your Smallstep dashboard,
you'll see the device in your Smallstep console,
under Recent Devices,
and it will be automatically approved.
8 changes: 4 additions & 4 deletions platform/smallstep-agent.mdx
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
updated_at: October 20, 2025
updated_at: November 06, 2025
title: Smallstep Agent for Linux
html_title: Smallstep Agent for Device Management Guide
description: Deploy and configure Smallstep Agent on Linux. Automated device identity management and certificate renewal for enterprise Linux fleets.
Expand Down Expand Up @@ -214,9 +214,9 @@ Alternatively, you can pre-register all of your team's devices:
fingerprint: "40523785c1d1d11EXAMPLE017b660d52a5fa5f2cb94cf0e1a9e9209dbea0826"
```

- Your `team` ID (team slug). This is the value after `/app/` in your Smallstep dashboard URL.
- Your agent CA `fingerprint`. Find this value in your dashboard:
- In the Smallstep dashboard, select Authorities
- Your `team` ID (team slug). This is the value after `/app/` in your Smallstep console URL.
- Your agent CA `fingerprint`. Find this value in your console:
- In the Smallstep console, select Authorities
- Select the Smallstep Agents authority
- Use the sha256 Root fingerprint displayed on this page
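Review bot: "Find this value in your console:" is ambiguous after the rename. On a page about a Linux agent, "your console" can be read as the terminal, and the value in question is the agent CA `fingerprint` that the reader is about to pin in the config. Suggest "Find this value in the Smallstep console:" so the source of the fingerprint is unmistakable, matching the sub-bullet that follows.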

4 changes: 2 additions & 2 deletions platform/smallstep-api.mdx
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
updated_at: September 17, 2025
updated_at: November 06, 2025
title: Smallstep API
html_title: Platform API Reference Documentation Guide
description: Complete API reference for managing devices, certificates, and PKI programmatically. Integrate Smallstep into your security workflows.
Expand Down Expand Up @@ -57,6 +57,6 @@ curl -sH @api_headers --request GET \
--header 'x-smallstep-api-version: 2025-01-01' | jq
```

Or, in your Smallstep dashboard,
Or, in your Smallstep console,
you'll see the device listed under Recent Devices.

6 changes: 3 additions & 3 deletions registration-authorities/acme-for-certificate-manager.mdx
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
updated_at: September 17, 2025
updated_at: November 06, 2025
title: ACME Registration Authority for Smallstep Certificate Manager
html_title: Deploy ACME RA with Certificate Manager
description: Deploy ACME Registration Authority with Certificate Manager. Enable distributed ACME certificate issuance at enterprise scale.
Expand Down Expand Up @@ -166,7 +166,7 @@ Setting up an RA manually involves the following steps:

1. Create an Authority in Certificate Manager with a JWK provisioner

First, create a hosted Authority in the Certificate Manager dashboard if you haven't already, and configure your local `step` CLI to access this Authority, using `step ca bootstrap`.
First, create a hosted Authority in the Certificate Manager console if you haven't already, and configure your local `step` CLI to access this Authority, using `step ca bootstrap`.

Now, as a Super Administrator, add a JWK provisioner to the Authority, and give it a name (eg. `acme-ra-jwk`):
<FormValues>
Expand Down Expand Up @@ -266,7 +266,7 @@ If you're running Kubernetes, you can run an ACME Registration Authority in your

1. Create an Authority in Certificate Manager with a JWK provisioner

First, create a hosted Authority in the Certificate Manager dashboard if you haven't already, install the `step` CLI locally (`brew install step`), and configure `step` to access your Authority, using `step ca bootstrap`.
First, create a hosted Authority in the Certificate Manager console if you haven't already, install the `step` CLI locally (`brew install step`), and configure `step` to access your Authority, using `step ca bootstrap`.

Now, as a Super Administrator, add a JWK provisioner to the Authority, and give it a name (eg. `registration-authority`):

4 changes: 2 additions & 2 deletions ssh/acls.mdx
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
updated_at: September 17, 2025
updated_at: November 06, 2025
title: Access Control Guide
description: Implement fine-grained SSH access controls with certificates. Define who can access which servers using certificate-based policies.
html_title: SSH Access Control Lists Configuration
Expand Down Expand Up @@ -48,7 +48,7 @@ Sign in at `https://smallstep.com/app/[Team ID]`

### Step 2: Grant User Group Access to Host(s)

On your Smallstep Dashboard.
On your Smallstep console.
* Select the "Users" tab on the right hand navigation bar.
* Choose the "GROUPS" tab
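Review bot: "On your Smallstep console." is a sentence fragment ending in a period, yet it introduces the bullet list that follows. Suggest "In the Smallstep console:" so the line reads as the list's lead-in.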

8 changes: 4 additions & 4 deletions ssh/azure-ad.mdx
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
updated_at: September 17, 2025
updated_at: November 06, 2025
title: Microsoft Entra ID Quickstart
html_title: SSH with Microsoft Entra ID (Azure AD)
description: Integrate SSH certificates with Microsoft Entra ID. Enable single sign-on for SSH using enterprise identity providers for unified access.
Expand Down Expand Up @@ -43,7 +43,7 @@ When creating your groups, give them names and accept the defaults on all other

### Step 2. Tell us your directory's Tenant ID

1. In the Smallstep SSH dashboard, under the Users tab, choose Azure.
1. In the Smallstep SSH console, under the Users tab, choose Azure.
2. Paste your Tenant ID from the [Active Directory Overview](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview) blade into the "Add Your Team" dialog:

![](/graphics/quickstart/azure-onboarding.png)
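Review bot: "In the Smallstep SSH console" in step 1 is easy to misread as an SSH terminal session now that "dashboard" is gone. The later hunks in this same file say "the Smallstep console", so use that wording here too, or "the Smallstep console for SSH" if the product distinction matters.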
Expand Down Expand Up @@ -89,7 +89,7 @@ Your Users and Groups list should now look something like this:
1. Choose **Provisioning** on the left and choose **Get Started**.
2. Set the provisioning mode to **Automatic**.
4. Expand **Admin Credentials:**
* Supply the SCIM **Tenant URL** and **Secret Token** from the Smallstep dashboard.
* Supply the SCIM **Tenant URL** and **Secret Token** from the Smallstep console.
* Choose **Test Connection** and make sure that it works.
* Save.

Expand Down Expand Up @@ -131,7 +131,7 @@ Your Users and Groups list should now look something like this:

### Step 5. Confirm the directory connection

Return to the Smallstep dashboard.
Return to the Smallstep console.

* Navigate to the LOGS menu. You should see a list of success messages assocated with `SCIM-SYNC` catagory items.

4 changes: 2 additions & 2 deletions ssh/hosts.mdx
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
updated_at: September 17, 2025
updated_at: November 06, 2025
title: Smallstep SSH Host Quickstart
description: Configure SSH host certificates for server authentication. Eliminate TOFU (Trust On First Use) and secure SSH infrastructure.
html_title: SSH Host Certificate Quick Setup Tutorial
Expand Down Expand Up @@ -216,6 +216,6 @@ Match User *,!ubuntu
* `ssh-test.app.smallstep.com` — For SSH test sessions
* `https://ssh.<team-name>.ca.smallstep.com` — The CA internal PKI APIs (protected by mTLS)
* `https://smallstep.com/app/teams/sso/success` — Single sign-on success page
* `https://smallstep.com/app/<team-name>` — Admin Dashboard
* `https://smallstep.com/app/<team-name>` — Admin console
* `https://api.smallstep.com` — APIs to fetch team information
* `https://auth.smallstep.com` — OpenID Connect flow, if you have no identity provider configured
6 changes: 3 additions & 3 deletions ssh/how-it-works.mdx
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
updated_at: September 17, 2025
updated_at: November 06, 2025
title: Smallstep SSH How It Works
html_title: How SSH Certificates Work - Technical Guide
description: Technical overview of SSH certificate authentication. Learn how certificates replace keys for better security and management in modern SSH.
Expand Down Expand Up @@ -31,11 +31,11 @@ From here, the ssh handshake continues seamlessly. <br />

<br />

If Alice wants to connect from a different device, it's easier for her to run `step ssh login` (or let `step ssh proxycommand` run it for her transparently) than it is to extract her certificate from `ssh-agent` and copy it over. Bastion hosts are supported, too! You can ssh to the server using its internal DNS name, and the connection will flow through your bastion. All connection requests to the host are logged and reported in the smallstep dashboard.
If Alice wants to connect from a different device, it's easier for her to run `step ssh login` (or let `step ssh proxycommand` run it for her transparently) than it is to extract her certificate from `ssh-agent` and copy it over. Bastion hosts are supported, too! You can ssh to the server using its internal DNS name, and the connection will flow through your bastion. All connection requests to the host are logged and reported in the smallstep console.

### Manage SSH Access From Your Identity Provider

All user and group information is maintained in your existing identity provider. We pull basic information from your IdP using the SCIM protocol or native APIs. In the smallstep dashboard, you'll tag groups that need SSH access. When you add or remove users in one of these groups in your IdP, it will automatically flow to your entire managed fleet of hosts. No need to kick off automation flows to push key changes. Access is instantly added, changed, or revoked.
All user and group information is maintained in your existing identity provider. We pull basic information from your IdP using the SCIM protocol or native APIs. In the smallstep console, you'll tag groups that need SSH access. When you add or remove users in one of these groups in your IdP, it will automatically flow to your entire managed fleet of hosts. No need to kick off automation flows to push key changes. Access is instantly added, changed, or revoked.

### Standard, Secure Connections

8 changes: 4 additions & 4 deletions ssh/okta-gid-uid.mdx
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
updated_at: September 17, 2025
updated_at: November 06, 2025
title: Okta UID GID Sync Guide
description: Synchronize Unix user and group IDs with Okta for SSH access. Maintain consistent identity across SSH infrastructure for unified management.
html_title: Okta UID/GID Sync for SSH Access Control
Expand Down Expand Up @@ -92,12 +92,12 @@ Already have UID and GID fields for your users? Skip to Step 2.
![](/graphics/quickstart/okta-gid-finalmap.png)

### Step 4. Verify syncing with smallstep before going into production
* These changes should trigger a sync of the UID and GID values to the smallstep dashboard.
* These changes should trigger a sync of the UID and GID values to the smallstep console.
* If the values do not show up, try removing and re-adding the group assignments:
* Open the **smallstep provisioning app integration** application within OKTA.
* Go to the **Assignments** tab, select **groups**, and **remove all the groups** (remember these group names).
* Wait until the users are removed from the smallstep dashboard (a few seconds).
* Wait until the users are removed from the smallstep console (a few seconds).
* Then re-add the groups using the **assign** button.
* This will trigger a push, and you will see the new uid and gid values in the smallstep dashboard.
* This will trigger a push, and you will see the new uid and gid values in the smallstep console.

Send an email to [[email protected].](mailto:[email protected])
9 changes: 5 additions & 4 deletions ssh/okta.mdx
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
---
updated_at: November 06, 2025
title: Okta Quickstart
description: SSH Okta Quickstart | Smallstep Documentation
---
Expand Down Expand Up @@ -45,7 +46,7 @@ In this quickstart, we will:

### **Step 1. Create Okta OIDC Application**

1. Start at your Okta admin dashboard (access via "Admin" button next to "+ Add Apps" after successful log in)
1. Start at your Okta admin console (access via "Admin" button next to "+ Add Apps" after successful log in)
2. Go to Applications → Create App Integration
3. In the pop up select "OIDC - OpenID Connect" as the sign-in method and specify "Native Application" for the Application type.
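Review bot: step 1 of this list now says "Start at your Okta admin console", but that line describes Okta's UI, not Smallstep's, so it falls outside the Smallstep dashboard-to-console rename the other hunks apply. Please confirm this edit was intended and matches what Okta labels that page, rather than being swept up by a search-and-replace on "dashboard".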

Expand Down Expand Up @@ -73,7 +74,7 @@ In this quickstart, we will:
* Repeat this process for any other groups you created for controlling SSH/sudo access
7. Go back to **General** tab and scroll down to "Client Credentials." You'll refer to these values in the next step.

### Step 2. Enter your OIDC Details into the Smallstep dashboard
### Step 2. Enter your OIDC Details into the Smallstep console

1. Open a new browser tab and log in to Smallstep: `https://smallstep.com/app/[TEAM-NAME]`
2. Navigate the Onboarding Dialog. If the dialog is not open, you can relaunch it by visiting the **Users** tab.
Expand Down Expand Up @@ -127,9 +128,9 @@ In this quickstart, we will:

![](/graphics/quickstart/okta-enable-api.png "Enable API")

* Return to the Smallstep dashboard, or open a new browser tab and sign into the Smallstep dashboard: `https://smallstep.com/app/[TEAM-NAME]`
* Return to the Smallstep console, or open a new browser tab and sign into the Smallstep console: `https://smallstep.com/app/[TEAM-NAME]`
* Navigate to the Onboarding UI → Add Your Team → SCIM Details
* Copy **Base URL,** and **API Token** from Smallstep dashboard, and paste into Okta Provisioning form.
* Copy **Base URL,** and **API Token** from Smallstep console, and paste into Okta Provisioning form.
* In Okta, choose **Test API Credentials**. After successful verification, choose **Save**.

![](/graphics/quickstart/okta-api-auth.png "API Auth")