US 12,107,970 B2
Method of establishing a future 2-way authentication between a client application and an application server
Madhusudan Pai, Frisco, TX (US); and Bharatram Setti, Plano, TX (US)
Assigned to MOTOROLA SOLUTIONS, INC., Chicago, IL (US)
Filed by MOTOROLA SOLUTIONS, INC., Chicago, IL (US)
Filed on Mar. 10, 2021, as Appl. No. 17/197,886.
Claims priority of provisional application 63/029,902, filed on May 26, 2020.
Prior Publication US 2021/0377051 A1, Dec. 2, 2021
Int. Cl. H04L 9/32 (2006.01); H04L 9/08 (2006.01); H04L 67/01 (2022.01)
CPC H04L 9/3263 (2013.01) [H04L 9/0825 (2013.01); H04L 9/3247 (2013.01); H04L 67/01 (2022.05)]
19 Claims
1. A method of establishing a future 2-way authentication between a client application and an application server, the method comprising:
receiving, at an OpenID connect (OIDC) server, from a client application, a request to establish a secure connection from the client application, the request including: (a) a certificate generated using a public-private key pair associated with the client application or a user of the client application and (b) authentication credentials associated with the client application or the user of the client application;
determining, at the OIDC server, whether the authentication credentials are valid;
establishing, at the OIDC server, that the authentication credentials are valid, and responsively provisioning a cryptographic identifier of the certificate associated with the request to a list of trusted certificates;
providing, at the OIDC server, one or more application servers with access to the list of trusted certificates to enable the one or more application servers to establish a secure connection with the client application based on verifying that the cryptographic identifier of the certificate presented by the client application is provisioned into the list of trusted certificates; and
linking a device identifier to the cryptographic identifier of the certificate associated with the request when the cryptographic identifier of the certificate is provisioned to the list of trusted certificates to enable the one or more application servers to establish the secure connection with the client application based on (a) verifying that the cryptographic identifier of the certificate presented by the client application is provisioned into the list of trusted certificates and (b) verifying that the client application presenting the cryptographic identifier of the certificate is associated with the device identifier to which the cryptographic identifier of the certificate is linked.
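
The flow recited in claim 1, sketched as an added example; it is not code from the patent or from the assignee. The class and function names, the choice of a SHA-256 fingerprint as the "cryptographic identifier", and the in-memory trust list are all assumptions made for illustration.

```python
import hashlib, hmac, os

def fingerprint(cert_der: bytes) -> str:
    # Assumption: the "cryptographic identifier" is SHA-256 over the DER bytes.
    return hashlib.sha256(cert_der).hexdigest()

def _kdf(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

class OidcServer:
    """Hypothetical stand-in for the OIDC server's provisioning role."""
    def __init__(self):
        self._users = {}   # user -> (salt, derived secret)
        self.trusted = {}  # fingerprint -> linked device identifier

    def add_user(self, user: str, secret: str) -> None:
        salt = os.urandom(16)
        self._users[user] = (salt, _kdf(secret, salt))

    def enroll(self, user, secret, cert_der, device_id) -> bool:
        salt, expected = self._users.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(_kdf(secret, salt), expected):
            return False  # invalid credentials: nothing is provisioned
        self.trusted[fingerprint(cert_der)] = device_id
        return True

class AppServer:
    """Hypothetical application server with read access to the trust list."""
    def __init__(self, trusted: dict):
        self._trusted = trusted

    def accept(self, cert_der: bytes, device_id: str) -> bool:
        # Assumes the TLS handshake already proved possession of the private key.
        linked = self._trusted.get(fingerprint(cert_der))
        if linked is None:
            return False  # (a) fingerprint was never provisioned
        return hmac.compare_digest(linked.encode(), device_id.encode())  # (b)

# Constructed sample values; real input would be DER-encoded X.509 bytes.
CERT_A, CERT_B = b"constructed-cert-A", b"constructed-cert-B"

def demo() -> dict:
    oidc = OidcServer()
    oidc.add_user("alice", "s3cret-passphrase")
    app = AppServer(oidc.trusted)
    return {
        "bad_password": oidc.enroll("alice", "wrong", CERT_B, "dev-2"),
        "enrolled": oidc.enroll("alice", "s3cret-passphrase", CERT_A, "dev-1"),
        "same_device": app.accept(CERT_A, "dev-1"),
        "other_device": app.accept(CERT_A, "dev-2"),
        "unknown_cert": app.accept(CERT_B, "dev-2"),
    }
```

The "other_device" case is the one the final claim element adds: a provisioned fingerprint presented from a device other than the one it was linked to is refused.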