Install SCEP certificate on Windows using Workspace ONE UEM

Add Certificate Authority and Template

📘

If you are configuring SCEP certificates for both Windows and macOS, you only need to follow the initial setup documentation once

• Please refer the Initial Setup documentation to add certificate authority and certificate template in Workspace one.

Add Device Profile for Windows

• Go to Resources > Profiles and Baselines > Profiles and click Add > Add Profile.

• Select Windows > Widows Desktop > Device Profile

• Enter details for the profile as below:
  1. For General, Name: You choice
  2. Smart Groups: Assign to respective smart groups according to your needs.

• Go to Credentials:
  1. Credential Source: Select 'Defined Certificate Authority' from the dropdown.
  2. Certificate Authority: Select the CA configured in the Initial Setup documentation.
  3. Certificate Template: Select the template configured in the Initial Setup documentation.
  4. Key Location: TPM if present.
  5. Certificate Store: Personal

• Click on + on the bottom right and add credentials #2:
  1. Credential Source: Upload
  2. Certificate: Download the Client CA from the EAP-TLS page of foxpass and upload it here.
  3. Key Location: TPM if present
  4. Certificate Store: Trusted Root

• Click on + on the bottom right and add credentials #3:
  1. Credential Source: Upload
  2. Certificate: Download the active server CA from the EAP-TLS page of foxpass and upload it here.
  3. Key Location: TPM if present
  4. Certificate Store: Trusted Root
  5. Click 'SAVE AND PUBLISH'

• Configure Wi-Fi payload:
  1. Service Set Identifier: Your SSID
  2. Security Type: WPA2 Enterprise
  3. Encryption: AES
  4. Protocols: Certificate
  5. Identity Certificate: Choose Certificate #1
  6. Trusted Certificates: Choose Certificate #3
  7. Click 'SAVE AND PUBLISH'

Add User Profile for Windows

• Click on the Devices → Profiles and Resources → Profiles → Add
• Click on Add Profile and Select Windows and then Windows Desktop and select User Profile.
  1. Select General and configure:
  2. Name - ‘Any reference name’
  3. Smart Groups - Add all the possible groups from the dropdown.

• Select Credentials from the left.
  1. Credential Source - Select ‘Defined Certificate Authority from the dropdown.
  2. Certificate Authority - Select CA created in the Initial setup from the dropdown.
  3. Certificate Template - Select the template configured earlier.
  4. Key Location - TPM if present
  5. Certificate Store - Personal
• Click Save and Publish

Enroll Windows to Workspace one

• Make a note of the console version by clicking About of your Workspace one's console page.

• Go to resources.worskspaceone.com.
• Download the appropriate intelligent hub according to the console version on your Windows machine.
• Follow the setup wizard and install hub.
• Intelligent hub will open. Now enter your server address. Click 'Next'. Note : The server address in the screenshot is just an example, the server address and Group ID was sent to your email by Workspace ONE upon your registration of the user.

• Enter your Group ID and click 'Next'.

• You can see successful/unsuccessful RADIUS logs on the RADIUS logs page.

• If there are no SCEP errors, 'No errors' will be displayed in green color under Last error column for the respective endpoint on the SCEP page.

❗️

If there are any SCEP errors, it would be shown under the 'Last error' column for the respective endpoint on the Foxpass SCEP page.