Install SCEP on Macbook using Workspace one UEM

Add Certificate Authority and Template

Add Profile for Macbook

  • Go to Resources > Profiles and Baselines > Profiles and click Add > Add Profile
Add Profile

Add Profile

  • Select macOS > Device Profile.
Add macOS profile

Add macOS profile


  • Give a name to your profile.
  • Search for 'SCEP' in the search box.
  • Configure SCEP payload as below:
    1. Credential Source: Defined Certificate Authority
    2. Certificate Authority: Select CA configured earlier from the dropdown.
    3. Certificate Template: Select template configured earlier from the dropdown.
Add SCEP payload

Add SCEP payload

  • Now, to configure 'Credentials' payload you need active serve CA from Foxpass.
  • Open 'Foxpass EAP-TLS page'in another tab and download active server CA.
Download active server CA

Download active server CA

  • Go back to Workspace one console. Search for 'Credentials'.
  • Enter details as below:
    1. Credential Source: Upload
    2. Certificate: Choose downloaded server CA and click Attach.
Configure 'Credentials' payload

Configure 'Credentials' payload

  • Configure 'Network' payload. Search for 'Network'.
    1. Network Interface: Wi-Fi
    2. Service Set Identifier: Foxpass
    3. Security Type: WPA/WPA2 Enterprise
    4. Protocols: EAP-TLS
    5. Identity certificate: Choose 'SCEP' from the dropdown.
    6. Trusted Certificates: Credentials
    7. Click 'Next'
    8. Assign Smart Groups according to your needs.
    9. Click 'SAVE AND PUBLISH'.

Configure Network payload

Configure Network payload

Enroll Macbook to Workspace one

  • Make a note of the console version by clicking About of your Workspace one's console page.

Download intelligent hub on macbook

Download intelligent hub on macbook

  • Follow the setup wizard and install hub.
  • Intelligent hub will open. Now enter your server address. Click 'Next'. Note : The server address in the screenshot is just an example, the server address and Group ID was sent to your email by Workspace ONE upon your registration of the user.
Sample server address

Sample server address

  • Enter your Group ID and click 'Next'.
Enter Group ID

Enter Group ID

Choose ownership according to your settings

Choose ownership according to your settings


  • You can see successful/unsuccessful RADIUS logs on the RADIUS logs page.
RADIUS logs

RADIUS logs

  • If there are no SCEP errors, 'No errors' will be displayed in green color under Last error column for the respective endpoint on the SCEP page.
SCEP page

SCEP page

❗️

If there are any SCEP errors, it would be shown under the 'Last error' column for the respective endpoint on the Foxpass SCEP page.