MacOS with Workspace One UEM

Add Certificate Authority and Template

📘

If you are configuring SCEP certificates for both Windows and macOS, you only need to follow the initial setup documentation once.

• Please refer the Initial Setup documentation to add certificate authority and certificate template in Workspace one.

Add Profile for Macbook

• Go to Resources > Profiles and Baselines > Profiles and click Add > Add Profile

• Select macOS > Device Profile.

• Give a name to your profile.
• Search for 'SCEP' in the search box.
• Configure SCEP payload as below:
  1. Credential Source: Defined Certificate Authority
  2. Certificate Authority: Select CA configured earlier from the dropdown.
  3. Certificate Template: Select template configured earlier from the dropdown.

• Now, to configure 'Credentials' payload you need active serve CA from Foxpass.
• Open 'Foxpass EAP-TLS page'in another tab and download active server CA.

• Go back to Workspace one console. Search for 'Credentials'.
• Enter details as below:
  1. Credential Source: Upload
  2. Certificate: Choose downloaded server CA and click Attach.

• Click Add button
  • Credential Source - Defined Certificate Authority
  • Certificate Authority - Click CA configured earlier e.g. Foxpass
  • Certificate Template - Click Template configured earlier e.g Foxpass Template

• Configure 'Network' payload. Search for 'Network'.
  1. Network Interface: Wi-Fi
  2. Service Set Identifier: Foxpass
  3. Security Type: WPA/WPA2 Enterprise
  4. Protocols: EAP-TLS
  5. Identity certificate: Choose 'SCEP' from the dropdown.
  6. Trusted Certificates: Credentials
  7. Click 'Next'
  8. Assign Smart Groups according to your needs.
  9. Click 'SAVE AND PUBLISH'.

Enroll Macbook to Workspace one

• Make a note of the console version by clicking About of your Workspace one's console page.

• Go to resources.worskspaceone.com.
• Download the appropriate intelligent hub according to the console version on your Macbook.

• Follow the setup wizard and install hub.
• Intelligent hub will open. Now enter your server address. Click 'Next'. Note : The server address in the screenshot is just an example, the server address and Group ID was sent to your email by Workspace ONE upon your registration of the user.

• Enter your Group ID and click 'Next'.

• You can see successful/unsuccessful RADIUS logs on the RADIUS logs page.

• If there are no SCEP errors, 'No errors' will be displayed in green color under Last error column for the respective endpoint on the SCEP page.

❗️

If there are any SCEP errors, it would be shown under the 'Last error' column for the respective endpoint on the Foxpass SCEP page.