JAMF SCEP Configuration

Follow these steps and the screenshots to configure JAMF to use Foxpass's SCEP for an EAP-TLS network.

Download Active Server CA

Download active Server CA from the EAP-TLSpage by clicking 'Download CA' under 'Server Certificate Authorities'.

Download Active Server CA

Download Active Server CA

Configure SCEP Profile

  • Click on 'Certificates'
  • Name - <e.g. Foxpass SCEP>
  • Distribution Method - Install Automatically

  • URL - Obtain the URL from SCEP page. It will be mentioned below 'Unique Endpoint' heading on the SCEP page. If you need to create a SCEPEndpoint, please see the screenshot below for reference.
SCEP URL Location

Ensure that you set Verification Type to 'User' and Authentication Type to 'Challenge Password'. The challenge password will be auto-generated upon creation.

  • Subject - CN=<user's email address>
  • Challenge - Copy the Challenge password from the SCEP page.
  • Fingerprint - Click 'Upload Certificate' and select the CA certificate you downloaded earlier.


Email Address is required!

Make sure that every user in JAMF has an email address associated with their profile.

> 📘 Allow export from Keychain?

We recommend you don't allow export from Keychain, despite what the following screenshot shows.

Configure WiFi Profile

  • SSID - Your network's SSID Note: this must match EXACTLY, including capital letters.
  • Security Type - WPA/WPA 2 Enterprise
  • Accepted EAP Types - TLS
  • Identity Certificate - Select SCEP from the dropdown.

The profile will be installed and you can see a SCEP certificate under 'Client Certificates' on the EAP-TLS page.

Sample SCEP certificate

Sample SCEP certificate