1. Go to the library
  2. Create a new "WiFi Profile"
  3. Assign it to the proper blueprint
  4. Make settings as below. Anything not mentioned, leave as the default.

Service Set Identifier: this must match your network's SSID name exactly.
Authentication Type: WPA2 Enterprise
Accepted EAP Types: TLS
Username (optional): leave blank
Identity certificate: SCEP

SCEP Configuration:

  • URL: (from Foxpass's SCEP page)
  • Name: (leave blank)
  • Challenge: (from Foxpass's SCEP page)
  • Fingerprint: (leave blank)
  • Subject: CN=$EMAIL
  • Specify Subject Alternative Names (SAN):
    • SAN Type: RFC 822 Name: $EMAIL
  • Key Size: 2048
  • Key Usage: None
  • Automatic profile redistribution: Yes

Certificate Trust: select "Specify trusted certificates".
Upload the Server Certificate Authority that you download from from Foxpass's SCEP page

That's it!