Install SCEP certificate on Windows using Workspace ONE UEM

Add Certificate Authority and Template

📘

If you are configuring SCEP certificates for both Windows and macOS, you only need to follow the initial setup documentation once.

Add Device Profile for Windows

  • Go to Resources > Profiles and Baselines > Profiles and click Add > Add Profile.

Add Profile

  • Select Windows > Windows Desktop > Device Profile.
Add Windows Desktop Device Profile

  • Enter details for the profile as below:
    1. For General, Name: Your choice
    2. Smart Groups: Assign to respective smart groups according to your needs.
Configure device profile

  • Go to Credentials:
    1. Credential Source: Select 'Defined Certificate Authority' from the dropdown.
    2. Certificate Authority: Select the CA configured in the Initial Setup documentation.
    3. Certificate Template: Select the template configured in the Initial Setup documentation.
    4. Key Location: TPM if present.
    5. Certificate Store: Personal
Add Credentials #1

  • Click on + on the bottom right and add credentials #2:
    1. Credential Source: Upload
    2. Certificate: Download the Client CA from the EAP-TLS page of Foxpass and upload it here.
    3. Key Location: TPM if present
    4. Certificate Store: Trusted Root
Add Credentials #2

  • Click on + on the bottom right and add credentials #3:
    1. Credential Source: Upload
    2. Certificate: Download the active server CA from the EAP-TLS page of Foxpass and upload it here.
    3. Key Location: TPM if present
    4. Certificate Store: Trusted Root
    5. Click 'SAVE AND PUBLISH'
Add Credentials #3

  • Configure Wi-Fi payload:
    1. Service Set Identifier: Your SSID
    2. Security Type: WPA2 Enterprise
    3. Encryption: AES
    4. Protocols: Certificate
    5. Identity Certificate: Choose Certificate #1
    6. Trusted Certificates: Choose Certificate #3
    7. Click 'SAVE AND PUBLISH'
Configure Wi-Fi



Add User Profile for Windows

  • Click on the Devices → Profiles and Resources → Profiles → Add
  • Click on Add Profile and Select Windows and then Windows Desktop and select User Profile.
    1. Select General and configure:
    2. Name - ‘Any reference name’
    3. Smart Groups - Add all the possible groups from the dropdown.
User profile - General


  • Select Credentials from the left.
    1. Credential Source - Select ‘Defined Certificate Authority’ from the dropdown.
    2. Certificate Authority - Select CA created in the Initial setup from the dropdown.
    3. Certificate Template - Select the template configured earlier.
    4. Key Location - TPM if present
    5. Certificate Store - Personal
  • Click Save and Publish
User Profile - Credentials


Enroll Windows to Workspace ONE

  • Make a note of the console version by clicking About on your Workspace ONE console page.
  • Go to resources.workspaceone.com.
  • Download the Intelligent Hub build that matches the console version to your Windows machine.
  • Follow the setup wizard and install Hub.
  • Intelligent Hub will open. Enter your server address and click 'Next'. Note: The server address in the screenshot is just an example; the server address and Group ID were sent to your email by Workspace ONE upon your registration of the user.
Sample server address

  • Enter your Group ID and click 'Next'.
Enter Group ID

Choose ownership according to your settings

  • You can see successful/unsuccessful RADIUS logs on the RADIUS logs page.
RADIUS logs

  • If there are no SCEP errors, 'No errors' is displayed in green under the 'Last error' column for the respective endpoint on the SCEP page.
SCEP page

❗️

If there are any SCEP errors, they are shown under the 'Last error' column for the respective endpoint on the Foxpass SCEP page.
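
To confirm on the endpoint itself that the device profile landed as configured (both Foxpass CAs in Trusted Root, identity certificate in Personal, key in the TPM), a check like the following can be run as a script in an elevated PowerShell session. This is an added example, not part of the Foxpass or Workspace ONE documentation; it assumes the device profile installs into the LocalMachine stores, that the identity certificate is issued directly by the client CA, and that you supply the two CA thumbprints yourself.

```powershell
# Added example (not from Foxpass or Workspace ONE). Run elevated on an enrolled endpoint.
param(
    # Thumbprints of the Foxpass client CA and server CA uploaded as credentials #2 and #3
    [Parameter(Mandatory)][string]$ClientCaThumbprint,
    [Parameter(Mandatory)][string]$ServerCaThumbprint
)

$tpmKsp = 'Microsoft Platform Crypto Provider'   # Windows key storage provider for TPM keys
$rsaExt = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]

# 1. Both uploaded CA certificates should be present in Trusted Root.
#    Assumption: the device profile installs into the LocalMachine stores.
$roots = Get-ChildItem Cert:\LocalMachine\Root
$cas = foreach ($tp in $ClientCaThumbprint, $ServerCaThumbprint) {
    $clean = $tp -replace '\s'                    # tolerate thumbprints pasted with spaces
    $ca = $roots | Where-Object Thumbprint -eq $clean
    [pscustomobject]@{
        Check      = 'Trusted Root'
        Thumbprint = $clean
        Present    = [bool]$ca
        Subject    = $ca.Subject
    }
}
$cas | Format-Table -AutoSize

# 2. The SCEP identity certificate should sit in Personal with a private key.
#    Assumption: it is issued directly by the client CA.
$clientCaSubject = $cas[0].Subject
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $clientCaSubject -and $_.Issuer -eq $clientCaSubject } |
    ForEach-Object {
        # Resolve which provider holds the private key
        $key = $rsaExt::GetRSAPrivateKey($_)
        $provider = if ($key -is [System.Security.Cryptography.RSACng]) {
            $key.Key.Provider.Provider
        } elseif ($key) { 'legacy CSP' } else { 'non-RSA or inaccessible key' }
        [pscustomobject]@{
            Subject   = $_.Subject
            NotAfter  = $_.NotAfter
            Provider  = $provider
            TpmBacked = ($provider -eq $tpmKsp)
        }
    } | Format-Table -AutoSize
```

A row with TpmBacked False means the key fell back to software storage, which the 'TPM if present' setting allows. No rows in the second table means no certificate issued by the client CA is installed in the device's Personal store.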