JAMF SCEP Configuration

Follow these steps and the screenshots to configure JAMF to use Foxpass's SCEP for an EAP-TLS network.

Download Active Server CA

Download the active Server CA from the EAP-TLS page by clicking 'Download CA' under 'Server Certificate Authorities'.

Download Client CA

Download the Client CA from the EAP-TLS page by clicking 'Download CA' under 'Client Certificate Authorities'.


Configure Profile

  • In JAMF, go to Computers > Configuration Profiles > Click 'New'.
  • Name - <e.g. Foxpass>
  • Distribution Method - Install Automatically

Configure Certificate

  • Click on the 'Certificate' option and then 'Configure'.
  • Give a name to the certificate.
  • Upload the previously downloaded Server CA.
  • Password - Your choice
  • Click 'Save'.

Configure SCEP

  • Click on the SCEP option > Configure.
  • URL - Obtain the URL from the SCEP page, where it is listed under the 'Unique Endpoint' heading. Create a SCEP endpoint if one is not present.

🚧

Email Address is required!

Make sure that every user in JAMF has an email address associated with their profile.

  • Name - Name of your choice
  • Redistribute profile - 30 days
  • Subject - CN=$EMAIL
  • Subject Alternative Name Type - RFC 822 Name
  • Subject Alternative Name Value - $EMAIL
  • Challenge Type - Static
  • Challenge - Copy the challenge password from the SCEP page and paste.
  • Key Size - 4096
  • Make sure "Allow export from keychain" is unchecked.
  • Fingerprint - Click 'Upload Certificate' and select the client CA certificate you downloaded earlier.
  • Click 'Save'.

Configure Network

  • Click on the 'Network' option > Configure.
  • Network Interface - Wi-Fi
  • SSID - Your network's SSID. Note: this must match EXACTLY, including capital letters.
  • Security Type - WPA/WPA2 Enterprise
  • Accepted EAP Types (Protocols) - TLS
  • Identity Certificate - Select SCEP from the dropdown.

  • Select Trust under Network Security Settings.
  • Check 'Foxpass Server CA'.
  • Click 'Save'.
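
As an added check that is not part of Foxpass's or Jamf's own material, the script below audits an exported, unsigned .mobileconfig against the settings chosen above: 4096-bit key, non-exportable key, RFC 822 Name SAN, pinned CA fingerprint, TLS-only EAP, SCEP as the identity certificate and a trusted server CA. The payload key names are Apple's configuration profile keys; the mapping from the Jamf field labels to those keys is an assumption, and every value in the sample profile is a constructed placeholder.

```python
import plistlib

EAP_TLS = 13  # IANA EAP method type for EAP-TLS

def audit_profile(raw: bytes) -> list:
    """Return deviations from the guide's settings; an empty list means none found."""
    findings = []
    by_type = {}
    for p in plistlib.loads(raw).get("PayloadContent", []):
        by_type.setdefault(p.get("PayloadType"), []).append(p)
    scep_uuids = set()
    for p in by_type.get("com.apple.security.scep", []):
        scep_uuids.add(p.get("PayloadUUID"))
        c = p.get("PayloadContent", {})
        if c.get("Keysize") != 4096:
            findings.append("SCEP: Keysize is not 4096")
        if c.get("KeyIsExtractable", True):  # an absent key means extractable
            findings.append("SCEP: private key is exportable from the keychain")
        if not c.get("SubjectAltName", {}).get("rfc822Name"):
            findings.append("SCEP: no RFC 822 Name SAN")
        if not c.get("CAFingerprint"):
            findings.append("SCEP: no CA fingerprint pinned")
    if not scep_uuids:
        findings.append("no SCEP payload")
    for p in by_type.get("com.apple.wifi.managed", []):
        eap = p.get("EAPClientConfiguration", {})
        if eap.get("AcceptEAPTypes") != [EAP_TLS]:
            findings.append("Wi-Fi: accepted EAP types are not TLS only")
        if p.get("PayloadCertificateUUID") not in scep_uuids:
            findings.append("Wi-Fi: identity certificate is not the SCEP payload")
        if not eap.get("PayloadCertificateAnchorUUID"):
            findings.append("Wi-Fi: no trusted server CA selected")
    if "com.apple.wifi.managed" not in by_type:
        findings.append("no Wi-Fi payload")
    return findings

def sample_profile(exportable=False, anchors=("CA-UUID",)) -> bytes:
    """Constructed profile mirroring the guide's settings (placeholder values only)."""
    scep = {"PayloadType": "com.apple.security.scep", "PayloadUUID": "SCEP-UUID",
            "PayloadContent": {"URL": "https://scep.example.invalid/endpoint",
                               "Subject": [[["CN", "$EMAIL"]]], "Keysize": 4096,
                               "SubjectAltName": {"rfc822Name": "$EMAIL"},
                               "KeyIsExtractable": exportable,
                               "CAFingerprint": b"\x00" * 20}}
    wifi = {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "ExampleSSID",
            "PayloadCertificateUUID": "SCEP-UUID",
            "EAPClientConfiguration": {"AcceptEAPTypes": [EAP_TLS],
                                       "PayloadCertificateAnchorUUID": list(anchors)}}
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [scep, wifi]})

if __name__ == "__main__":
    print(audit_profile(sample_profile()) or "profile matches the guide")
```

To audit a real export, pass the file's bytes to `audit_profile`; a signed profile has to be unwrapped to its plain plist first.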

Enroll device to JAMF

  • On your device, open a browser and go to your device enrollment URL. The enrollment URL is the full URL of your Jamf Pro server followed by /enroll.

  • Log in to enroll.
  • Click 'Continue'.
  • Install the downloaded profile.

Profile installed

You can see a SCEP certificate under 'Client Certificates' on the EAP-TLS page.

Sample SCEP certificate

If everything is configured correctly, you will be able to connect to your SSID. For logs, visit the RADIUS logs page.