EAP-TLS MDM setup

This guide outlines the steps to configure a secure wireless network connection using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) for mobile devices managed through Mobile Device Management (MDM) systems such as Apple Configurator, Workspace ONE, Jamf Pro, Jamf School, and Intune. EAP-TLS is a highly secure protocol that uses certificate-based authentication to ensure data integrity and confidentiality.

Simple Certificate Enrollment Protocol (SCEP) allows your devices to easily enroll for a certificate using our SCEP endpoint and perform other Public Key Infrastructure (PKI) related operations. We currently issue certificates with a validity period of 5 years so that you don't have to worry about renewing your certificate every year.

Creating Endpoints for Verification

Make sure you have our Advanced RADIUS add-on enabled for your account to access this feature. In our system, you have the flexibility to create endpoints tailored to different verification types. These verification types can include users, devices, or even a scenario where no specific verification is required. Below are the options available for endpoint creation:

  • General Endpoints for MDMs (Mobile Device Management)
  • Dedicated Endpoints for Intune

Create SCEP endpoint for MDMs

  • Click the 'Create SCEP endpoint' button on the SCEP page.
  • Give your endpoint a name, for example 'Foxpass'.
  • Depending on your use case, select User, Device or None as the verification type.
  • Set Authentication Type to Challenge Password.
  • Click the 'Create' button.

Create SCEP endpoint

Your new endpoint will now be listed along with its challenge password.

Sample SCEP endpoint
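
On the MDM side, the endpoint URL and challenge password shown for the new endpoint go into the device's SCEP enrollment settings. The following is an added example, not part of the original guide: the SCEP payload of an Apple configuration profile, where the URL, challenge, subject, identifier and UUID are placeholders to replace with your own values, and the key size and key usage are assumed choices.

```xml
<!-- Added example: SCEP payload for the top-level PayloadContent array of an
     Apple configuration profile. Values in CAPITALS are placeholders. -->
<dict>
    <key>PayloadType</key>
    <string>com.apple.security.scep</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>PayloadIdentifier</key>
    <string>com.example.scep.wifi</string> <!-- hypothetical identifier -->
    <key>PayloadUUID</key>
    <string>REPLACE-WITH-A-GENERATED-UUID</string>
    <key>PayloadDisplayName</key>
    <string>Wi-Fi client certificate (SCEP)</string>
    <key>PayloadContent</key>
    <dict>
        <!-- Endpoint URL and challenge password as displayed on the SCEP page -->
        <key>URL</key>
        <string>SCEP_ENDPOINT_URL</string>
        <key>Challenge</key>
        <string>SCEP_CHALLENGE_PASSWORD</string>
        <!-- Subject as nested arrays of OID/value pairs; the CN to use depends
             on the verification type chosen for the endpoint (assumption) -->
        <key>Subject</key>
        <array>
            <array>
                <array>
                    <string>CN</string>
                    <string>DEVICE_OR_USER_IDENTIFIER</string>
                </array>
            </array>
        </array>
        <key>Key Type</key>
        <string>RSA</string>
        <key>Keysize</key>
        <integer>2048</integer>
        <!-- Bitmask: 1 = signing, 4 = encryption, 5 = both -->
        <key>Key Usage</key>
        <integer>5</integer>
        <!-- Keep the private key from being exported from the keychain -->
        <key>KeyIsExtractable</key>
        <false/>
    </dict>
</dict>
```

The challenge password authorizes enrollment requests, so deliver the profile only through the MDM channel and treat any exported copy of it as a secret.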

Create SCEP endpoint for Intune

  • Click the 'Create SCEP endpoint' button on the SCEP page.
  • Give your endpoint a name, for example 'Foxpass-Intune'.
  • Depending on your use case, select User, Device or None as the verification type.
  • Set Authentication Type to Azure.
  • For the Azure Tenant ID, Client ID and Client secret, please refer to this documentation.
  • Click the 'Create' button.

Create SCEP endpoint for Intune

You can now proceed to the EAP-TLS documentation to create the client CA, server CA and client certificates.