EAP-TLS MDM setup
This guide outlines the steps to configure a secure wireless network connection using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) for mobile devices managed through Mobile Device Management (MDM) systems such as Apple Configurator, Workspace ONE, Jamf Pro, Jamf School and Intune. EAP-TLS is a highly secure protocol that uses certificate-based authentication to ensure data integrity and confidentiality.
Simple Certificate Enrollment Protocol (SCEP) allows your devices to easily enroll for a certificate using our SCEP endpoint and perform other Public Key Infrastructure (PKI) related operations. We currently issue certificates with a validity period of 5 years so that you don't have to worry about renewing your certificate every year.
Creating Endpoints for Verification
Make sure you have our Advanced RADIUS add-on enabled for your account to access this feature. In our system, you have the flexibility to create endpoints tailored to different verification types. These verification types can include users, devices, or even a scenario where no specific verification is required. Below are the options available for endpoint creation:
- General Endpoints for MDMs (Mobile Device Management)
- Dedicated Endpoints for Intune
Create SCEP endpoint for MDMs
- Click the 'Create SCEP endpoint' button on the SCEP page.
- Give your endpoint a name, for example 'Foxpass'.
- Depending on your use case, set the verification type to User, Device or None.
- Set Authentication Type to Challenge Password.
- Click the 'Create' button.
Your new endpoint is then listed together with its challenge password.
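As an added example (not Foxpass's own code), the Python below builds an Apple configuration profile whose SCEP payload carries the endpoint URL and challenge password produced by the steps above, and refuses a non-HTTPS URL. The URL, challenge value, subject layout and payload identifiers are constructed placeholders and assumptions; the payload keys are Apple's documented SCEP payload keys.

```python
import plistlib
import uuid
from urllib.parse import urlparse


def build_scep_profile(scep_url, challenge, common_name):
    """Return .mobileconfig bytes (XML plist) containing one SCEP payload."""
    parsed = urlparse(scep_url)
    if parsed.scheme != "https" or not parsed.netloc:
        raise ValueError("SCEP URL must use https://")
    if not challenge:
        raise ValueError("the endpoint's challenge password is required")

    scep = {
        "PayloadType": "com.apple.security.scep",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.wifi.scep",  # hypothetical identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Wi-Fi certificate (SCEP)",
        "PayloadContent": {
            "URL": scep_url,
            "Challenge": challenge,      # shared secret: handle the profile as sensitive
            "Subject": [[["CN", common_name]]],  # assumed subject layout
            "Key Type": "RSA",
            "Keysize": 2048,
            "Key Usage": 5,              # bitmask: 1 = signing, 4 = encryption
            "KeyIsExtractable": False,   # keep the private key from being exported
        },
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.wifi",       # hypothetical identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "EAP-TLS enrollment",
        "PayloadContent": [scep],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


if __name__ == "__main__":
    # Constructed placeholder values; substitute the ones shown for your endpoint.
    data = build_scep_profile(
        "https://scep.example.com/scep/PLACEHOLDER",
        "PLACEHOLDER-CHALLENGE",
        "device-001",
    )
    print(data.decode())
```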
Create SCEP endpoint for Intune
- Click the 'Create SCEP endpoint' button on the SCEP page.
- Give your endpoint a name, for example 'Foxpass-Intune'.
- Depending on your use case, set the verification type to User, Device or None.
- Set Authentication Type to Azure.
- For the Azure Tenant ID, Client ID and Client secret, please refer to this documentation.
- Click the 'Create' button.
You can now proceed to the EAP-TLS documentation to create the client CA, server CA and client certificates.