Juniper Local User with the option to Generate the certificate per user and provide user expiration

shimrose_
New Contributor

Is it possible to create a local user in Juniper SA Series and generate a certificate for each user for authentication purposes? If yes, will it also be possible for the user to enroll with the Juniper appliance to generate and get their certificate remotely?

Can it also provide a user expiration option?

4 REPLIES
zanyterp_
Respected Contributor

Re: Juniper Local User with the option to Generate the certificate per user and provide user expirat

Technically you could log in as each user and create their certificate for them, yes; however, that will not be of any benefit to you, as you would still need to distribute the certificates to users.

The Juniper appliance does not do any certificate enrollment; you would need to allow users to connect to your certificate server and create the certificates through the appliance.

There is no timer for user expiration other than a one-time-use only option.

jspanitz_
Frequent Contributor

Re: Juniper Local User with the option to Generate the certificate per user and provide user expirat

Does Juniper have any type of certificate enrollment device / services that could be utilized? If not, what are others doing in such a situation?

zanyterp_
Respected Contributor

Re: Juniper Local User with the option to Generate the certificate per user and provide user expirat

No, there is nothing like this from Juniper.

Most of the environments I have worked with over the years that use certificates utilize MS certificate services.

I have run across a few that use their own OpenSSL-based option; public PKI à la VeriSign (or similar); and I'm sure there are others available that I have not run across.
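
An added example (not part of the original posts, and not Juniper's or any poster's code) of the kind of OpenSSL-based per-user issuance mentioned above: a throwaway CA signs one client-authentication certificate per user, and the validity period given at signing is that certificate's expiry. The CA name, user names and file layout are constructed for illustration; CA key protection, revocation and how the appliance handles expiry are outside what this sketch covers.

```shell
#!/bin/sh
# Added example: minimal OpenSSL CA issuing per-user client certificates.
# "Example User CA", "alice" and the file layout are constructed names.
set -eu

PKI_DIR="${PKI_DIR:-$(mktemp -d)}"

make_ca() {
  # Self-signed CA key and certificate (default config marks it CA:TRUE).
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -subj "/CN=Example User CA" \
    -keyout "$PKI_DIR/ca.key" -out "$PKI_DIR/ca.crt" 2>/dev/null
}

issue_user_cert() {  # usage: issue_user_cert <username> <valid_days>
  # Per-user key and signing request; the username becomes the subject CN.
  openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$1" \
    -keyout "$PKI_DIR/$1.key" -out "$PKI_DIR/$1.csr" 2>/dev/null
  # Restrict the certificate to TLS client authentication only.
  printf '%s\n' 'basicConstraints=critical,CA:FALSE' \
    'keyUsage=critical,digitalSignature' \
    'extendedKeyUsage=clientAuth' > "$PKI_DIR/$1.ext"
  # <valid_days> sets notAfter, i.e. when this user's certificate expires.
  openssl x509 -req -sha256 -days "$2" -in "$PKI_DIR/$1.csr" \
    -CA "$PKI_DIR/ca.crt" -CAkey "$PKI_DIR/ca.key" -CAcreateserial \
    -extfile "$PKI_DIR/$1.ext" -out "$PKI_DIR/$1.crt" 2>/dev/null
}

verify_user_cert() {  # chain to the CA and client-auth purpose must both pass
  openssl verify -CAfile "$PKI_DIR/ca.crt" -purpose sslclient \
    "$PKI_DIR/$1.crt" >/dev/null 2>&1
}

expires_within() {  # usage: expires_within <username> <seconds>
  # -checkend exits 0 when the cert is still valid after <seconds>; invert it.
  ! openssl x509 -in "$PKI_DIR/$1.crt" -noout -checkend "$2" >/dev/null
}

make_ca
issue_user_cert alice 30
verify_user_cert alice && echo "alice: chain and client-auth purpose OK"
openssl x509 -in "$PKI_DIR/alice.crt" -noout -subject -enddate
```

The CA certificate (`ca.crt`) is what would be added as a trusted certificate authority on the device doing the authentication; each user's key and certificate still have to be delivered to that user, as noted in the first reply.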

spuluka
Super Contributor

Re: Juniper Local User with the option to Generate the certificate per user and provide user expirat

If you have a Windows domain, then the easiest way is to auto-enroll your domain computers using group policy. You add the CA (certificate authority) role to a server in your enterprise. Then you create the group policy that will auto-enroll all your domain computers.

http://technet.microsoft.com/en-us/library/cc947849%28v=ws.10%29.aspx

Then on the SA you will add your enterprise CA to the certificate authorities. And then you can use it for authentication.

Steve Puluka BSEET - IP Architect - DQE Communications Pittsburgh, PA (Metro-Ethernet & ISP) - http://puluka.com/home