JAMF SCEP Configuration
Follow these steps and the screenshots to configure JAMF to use Foxpass's SCEP for an EAP-TLS network.
Download Active Server CA
Download active Server CA from the EAP-TLS page by clicking 'Download CA' under 'Server Certificate Authorities'.
![Download Active Server CA](https://files.readme.io/0008789-small-Screenshot_2023-05-16_at_1.34.11_PM.png)
Download Active Server CA
Download Client CA
Download the Client CA from the EAP-TLS page by clicking 'Download CA' under 'Client Certificate Authorities'.
![Download Client CA](https://files.readme.io/96f2608-Screenshot_2024-07-03_at_1.56.28_PM.png)
Download Client CA
Configure Profile
- In JAMF, go to Computers > Configuration Profiles > Click 'New'.
- Name - <e.g. Foxpass >
- Distribution Method - Install Automatically
![](https://files.readme.io/a52352a-Screenshot_2024-07-05_at_11.13.05_AM.png)
![Configure Profile](https://files.readme.io/cde8bfa-Screenshot_2024-07-04_at_2.00.24_PM.png)
Configure Profile
Configure Certificate
- Click on 'Certificate' option and then Configure.
![Configure certificate](https://files.readme.io/dc0814f-Screenshot_2024-07-03_at_1.23.17_PM.png)
Configure certificate
- Give a name to the certificate.
- Upload the previously downloaded Server CA.
- Password - Your choice
- Click 'Save'.
![Configure Certificate option](https://files.readme.io/6b35dc2-Screenshot_2024-07-04_at_1.37.18_PM.png)
Configure Certificate option
Configure SCEP
- Click on the SCEP option > Configure.
![Configure SCEP](https://files.readme.io/acca573-Screenshot_2024-07-03_at_1.31.46_PM.png)
Configure SCEP
- URL - Obtain the URL from SCEP page. It will be mentioned below 'Unique Endpoint' heading on the SCEP page. Please create a SCEP endpoint if not present.
![](https://files.readme.io/e7d6ed2-Screenshot_2024-07-03_at_2.11.53_PM.png)
Email Address is required!
Make sure that every user in JAMF has an email address associated with their profile.
- Name - Name of your choice
- Redistribute profile - 30 days
- Subject - CN=$EMAIL
- Subject Alternative Name Type - RFC 822 Name
- Subject Alternative Name Value - $EMAIL
![Configure SCEP](https://files.readme.io/f297210-Screenshot_2024-07-04_at_1.45.15_PM.png)
Configure SCEP
- Challenge Type - Static
- Challenge - Copy the challenge password from the SCEP page and paste.
- Key Size - 4096
![](https://files.readme.io/adc664f-Screenshot_2024-07-04_at_1.47.32_PM.png)
- Make sure "Allow export from keychain" is unchecked.
- Fingerprint - Click 'Upload Certificate' and select the client CA certificate you downloaded earlier.
- Click 'Save'.
![](https://files.readme.io/4861066-Screenshot_2024-07-04_at_1.48.54_PM.png)
Configure Network
- Click on the 'Network' option > Configure.
![Configure Network](https://files.readme.io/89b0115-Screenshot_2024-07-04_at_1.50.33_PM.png)
Configure Network
- Network Interface - Wi-Fi
- SSID - Your network's SSID Note: this must match EXACTLY, including capital letters.
- Security Type - WPA/WPA2 Enterprise
![Configure Network](https://files.readme.io/f6f14ca-Screenshot_2024-07-04_at_1.53.15_PM.png)
Configure Network
- Accepted EAP Types(Protocols) - TLS
- Identity Certificate - Select SCEP from the dropdown.
![](https://files.readme.io/dd73c84-Screenshot_2024-07-03_at_2.08.03_PM.png)
- Select Trust under Network Security Settings.
- Check 'Foxpass Server CA'.
- Click 'Save'.
Enroll device to JAMF
- On your device, open a browser and go to your device enrollment URL. The enrollment URL is the full URL of your Jamf Pro server followed by /enroll.
![Login to enroll](https://files.readme.io/10731ab-Screenshot_2024-07-09_at_2.56.40_PM.png)
Login to enroll
![Click 'Continue'](https://files.readme.io/f729423-Screenshot_2024-07-09_at_2.56.55_PM.png)
Click 'Continue'
![](https://files.readme.io/a70a2cd-Screenshot_2024-07-09_at_2.57.05_PM.png)
- Install the downloaded profile.
![Install the profile](https://files.readme.io/65d1fe9-Screenshot_2024-07-09_at_2.57.33_PM.png)
Install the profile
![Profile installed](https://files.readme.io/afdabb0-Screenshot_2024-07-09_at_3.50.13_PM.png)
Profile installed
You can see a SCEP certificate under 'Client Certificates' on the EAP-TLS page.
![Sample SCEP certificate](https://files.readme.io/1d0c1f6-small-Screenshot_2023-05-16_at_1.11.57_PM.png)
Sample SCEP certificate
If everything is configured correctly, you will be able to connect to your SSID. For logs, you can visit RADIUS logs page.
Updated 18 days ago