From the Certificate Authority drop-down list, select a CA.From the SCEP Vendor drop-down list, select JAMF.From the Type drop-down list, select SCEP Enrollment Token.In the Basic section, enter the name and description for the API token.From your JoinNow MultiOS Management Portal, go to Identity.In the Extended Key Usage section, from the Use Certificate For list, select Client Authentication.In the SAN section, enter the following values:.Select the Include Entire Certificate Chain checkbox.From the Signature Algorithm drop-down list, select the signature algorithm for the certificate signing request.From the Key Size drop-down list, select a key size.In the Validity Period field, type the validity period of the certificate (based on requirement).For Common Name, enter the common name (example: ‘Jamf Signing Certificate’).In the Certificate section, from the Certificate Authority drop-down list and select the intermediate CA to use for issuing certificates to clients using SCEP (Created in the Create Intermediate CA for SCEP Gateway Integration section).For MAC Address, enter a unique MAC address.For User Description, enter a description.In the Device Info section, from the Operating System drop-down list, select an operating system.From your JoinNow MultiOS Management Portal, navigate to PKI > Create Certificate.NOTE:The CA that is configured in Policy Management > Enrollment Policies to issue certificates for Jamf enrollment requests should be the same CA with which you create this signing certificate. SecureW2 recommends a name that includes ‘SCEP’. For the Common Name field, enter a name. ![]() From the Certificate Authority drop-down, select the default Root CA that comes with your organization.From the Type drop-down list, select Intermediate CA.In the Basic section, from the Generate CA For drop-down list, select the Device and User Authentication option to authenticate devices and users.From your JoinNow MultiOS Management Portal, go to PKI > Certificate Authorities.You can disable email notifications for the dedicated CA issuing certificates to Issuing certificates to managed devices, because managed devices don’t require email The CA issuing certificates to BYOD devices should be separate from the CA It describes the procedure to set up certificate enrollment through SCEP: Create Intermediate CA for SCEP Gateway IntegrationĪs a best practice, SecureW2 recommends having a new intermediate CA for JoinNow SCEP Gateway You created the certificate for Apple push notifications and uploaded it in Jamf.Ĭonfiguring SCEP Enrollment for EAP-TLS in SecureW2.End users can enroll their devices with Jamf.These are the prerequisites for setting up SCEP on Jamf: Managed devices will be authenticated by an existing RADIUS Server from any major vendor,.WPA2-Enterprise EAP-TLS network protected by certificate-based security. Once completed, devices can begin requesting certificates and be configured for a.The certificate payload and Wi-Fi payload will be sent via the SCEP URL and will equipĭevices with trusted certificates and your organization’s customized wireless settings.Prepare the Jamf SCEP and Wi-Fi Profiles for macOS and iOS devices.Enter the SCEP URL as the avenue in which the certificates will be distributed.Certificates will now be trusted by your network and will integrate with Access Points.In the Jamf management portal, upload your new Signing Certificate.Using SecureW2’s PKI Services, begin by configuring the Intermediate CA, the actualĬertificate format, and the SCEP Gateway URL.To configure the SecureW2 Managed Device Gateway API: Using SecureW2’s Managed Device Gateway APIs, you can easily enroll every Once a SCEP payload is sent out, devices do not need to be manually configured forĬertificates they are enrolled automatically through the SCEP Gateway with no end user To efficiently equip your Jamf devices with certificates, the best option is to utilize a SCEP ![]() Investing in a PKI also opens the door for SSL decryption, empowering you to ensureĮvery user is following your organization’s content policies and no SSL encrypted malware gets on Passwords: easily compromised, password reset policies, and poor authentication experience.Īdditionally, administration’s visibility and identity context are significantly improved.Ĭertificates allow you to see exactly who is on the network by putting a name to every networkĬonnection. By eliminatingĬredentials and relying on certificates for authentication, you negate the consequences of Network using certificate-based authentication (EAP-TLS) is the way to go. ![]() ![]() Network authentication method for my Jamf managed devices?įor maximum security and authentication efficiency, implementing a WPA2-Enterprise / 802.1x Implementing secure Wi-Fi is difficult, and can leave you wondering, what is the ideal
0 Comments
Leave a Reply. |