MacOS with Workspace One UEM

Add Certificate Authority and Template

📘
If you are configuring SCEP certificates for both Windows and macOS, you only need to follow the initial setup documentation once.

Please refer the Initial Setup documentation to add certificate authority and certificate template in Workspace one.

Add Profile for Macbook

Go to Resources > Profiles and Baselines > Profiles and click Add > Add Profile

Add Profile

Select macOS > Device Profile.

Add macOS profile

Give a name to your profile.
Search for 'SCEP' in the search box.
Configure SCEP payload as below:
1. Credential Source: Defined Certificate Authority
2. Certificate Authority: Select CA configured earlier from the dropdown.
3. Certificate Template: Select template configured earlier from the dropdown.

Add SCEP payload

Now, to configure 'Credentials' payload you need active serve CA from Foxpass.
Open 'Foxpass EAP-TLS page'in another tab and download active server CA.

Download active server CA

Go back to Workspace one console. Search for 'Credentials'.
Enter details as below:
1. Credential Source: Upload
2. Certificate: Choose downloaded server CA and click Attach.

Configure 'Credentials' payload

Configure 'Network' payload. Search for 'Network'.
1. Network Interface: Wi-Fi
2. Service Set Identifier: Foxpass
3. Security Type: WPA/WPA2 Enterprise
4. Protocols: EAP-TLS
5. Identity certificate: Choose 'SCEP' from the dropdown.
6. Trusted Certificates: Credentials
7. Click 'Next'
8. Assign Smart Groups according to your needs.
9. Click 'SAVE AND PUBLISH'.

Configure Network payload

Enroll Macbook to Workspace one

Make a note of the console version by clicking About of your Workspace one's console page.

Go to resources.worskspaceone.com.
Download the appropriate intelligent hub according to the console version on your Macbook.

Download intelligent hub on macbook

Follow the setup wizard and install hub.
Intelligent hub will open. Now enter your server address. Click 'Next'. Note : The server address in the screenshot is just an example, the server address and Group ID was sent to your email by Workspace ONE upon your registration of the user.

Sample server address

Enter your Group ID and click 'Next'.

Enter Group ID

Choose ownership according to your settings

You can see successful/unsuccessful RADIUS logs on the RADIUS logs page.

RADIUS logs

If there are no SCEP errors, 'No errors' will be displayed in green color under Last error column for the respective endpoint on the SCEP page.

SCEP page

❗️
If there are any SCEP errors, it would be shown under the 'Last error' column for the respective endpoint on the Foxpass SCEP page.

Updated 4 months ago