SCEP with Jamf Pro - IronWiFi PKI - Device Auth


The Simple Certificate Enrollment Protocol (SCEP) is a protocol that allows devices to easily enroll for a certificate by using a URL and a shared secret to communicate with a PKI.

This guide covers setting up SCEP with IronWiFi's new multi-tiered, HSM-based Certificate Authority and Jamf Pro to provision macOS and iOS / iPadOS devices using a device profile.

What do you need?

  • owner_id - the unique identifier of your IronWiFi account. It appears in the URL when you're logged in and looks similar to abcdefg12345678 or domain-abcd1234
  • region - the region where your data resides and authentication requests are processed, e.g. us-east1, console, asia-northeast1
  • SCEP Server URL - build the URL in this format: https://{{region}}.ironwifi.com/api/{{owner_id}}/certificates/scep

  • Template file for Apple Configurator 2. The file can be downloaded from here

Note: Your user must exist in the IronWiFi console, or the SCEP connector's User Auto-Creation option must be enabled, for this to work. The device serial number is mapped to the username in the console.

 

1. Sign in to the IronWiFi Management Console and create a SCEP connector - click on Users -> Connectors -> New Connector


2. In Apple Configurator 2, open the IronWiFi SCEP Device.mobileconfig file that you downloaded.

3. Click on General and modify Name and Organisation.


4. Click on Wi-Fi and modify SSID to match your own SSID that you are broadcasting.

5. Click on SCEP and replace {{region}} and {{owner_id}} placeholders with your own region and owner_id from the console URL.

For example, if your console URL is https://europe-west3.ironwifi.io/api/index?#/i-03297e33/, the region is europe-west3 and the owner_id is i-03297e33, so the resulting SCEP URL is: https://europe-west3.ironwifi.com/api/i-03297e33/certificates/scep
Replace the same placeholders in the Subject field.


6. Save the mobileconfig file - Command + S

7. Log in to your Jamf Pro account, go to Devices -> Configuration Profiles and Upload the .mobileconfig file. Assign the created profile to your devices or device groups as required.
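A pre-upload check for steps 5 to 7, added here as an example and not part of IronWiFi's or Jamf's tooling: it derives the SCEP URL from the console URL and flags any `{{...}}` placeholder still left in the profile. It assumes an unsigned XML .mobileconfig; the sample profile is constructed for illustration and is not the real template, and the function names are hypothetical.

```python
import plistlib
import re
from urllib.parse import urlparse
PLACEHOLDER = re.compile(r"\{\{\s*\w+\s*\}\}")  # e.g. {{region}}, {{owner_id}}

def scep_url_from_console(console_url):
    """Build the SCEP Server URL from the console URL, as in the step 5 example."""
    parts = urlparse(console_url)
    region = (parts.hostname or "").split(".")[0]
    owner_id = parts.fragment.strip("/").split("/")[0]  # fragment is "/i-03297e33/"
    if not region or not owner_id:
        raise ValueError("console URL lacks a region or owner_id")
    return f"https://{region}.ironwifi.com/api/{owner_id}/certificates/scep"

def walk_strings(node, path="profile"):
    """Yield (path, value) for every string anywhere in the parsed plist."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from walk_strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk_strings(value, f"{path}[{i}]")

def check_profile(profile_bytes, expected_url):
    """Return a list of problems; an empty list means the profile looks ready."""
    profile = plistlib.loads(profile_bytes)
    problems = [f"unreplaced placeholder at {p}: {v}"
                for p, v in walk_strings(profile) if PLACEHOLDER.search(v)]
    scep = [p for p in profile.get("PayloadContent", [])
            if p.get("PayloadType") == "com.apple.security.scep"]
    if not scep:
        problems.append("no SCEP payload found")
    for payload in scep:
        url = payload.get("PayloadContent", {}).get("URL", "")
        if url != expected_url:
            problems.append(f"SCEP URL is {url!r}, expected {expected_url!r}")
    return problems

# Constructed sample: URL was edited, but Subject still holds a placeholder.
EXPECTED = scep_url_from_console("https://europe-west3.ironwifi.io/api/index?#/i-03297e33/")
SAMPLE = plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [{
    "PayloadType": "com.apple.security.scep",
    "PayloadContent": {"URL": EXPECTED, "Subject": [[["O", "{{owner_id}}"]]]},
}]})

if __name__ == "__main__":
    print(check_profile(SAMPLE, EXPECTED))
```

To check a real file, pass its bytes (for example `open(path, "rb").read()`) together with the URL derived from your own console URL.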


