SCEPman Enterprise

Deploy SCEPman Enterprise

First and foremost, you will need to set up and configure your SCEPman. Please use documentation relevant to your environment to perform the installation and configuration of SCEPman. Once completed, return to this article.

Establish trust between RADIUSaaS and SCEPman

For RADIUSaaS to trust client authentication certificates issued by SCEPman PKI, you must add SCEPman's root CA certificate to the RADIUSaaS trust store following these steps.

Configure the RADIUS Server Certificate

Server Settings | RADIUSaaSdocs.radiusaas.com

Configure your Networking Equipment

To configure your networking equipment (WiFi access points, switches, or VPN gateways), follow these steps.

After successful completion of Steps 2 - 4, the Trusted Certificates page of your RADIUSaaS instance will look similar to the one below. Please note that in our example we have used a RadSec-enabled MikroTik access point that leverages a SCEPman-issued RadSec Client Certificate.

Configure Intune Profiles

To set up certificate-based WiFi authentication, you will need to create and deploy a number of policies via Intune. These policies are as follow:

Trusted Certificate Profiles

This profile was configured as part of the SCEPman setup.

SCEP Certificate Profile

This profile was configured as part of the SCEPman setup.

WiFi Profile

Deploy the Wi-Fi adapter settings to your devices by following this article:

Permissions and Technical Contacts

First, review your Permissions to ensure the right persons in your organization have the right level of administrative access to your RADIUSaaS instance.

Next, ensure that we are able to contact you in case we have important technical information to share by reviewing the Technical Contacts section.

Rules

This is an optional step.

If you would like to configure additional rules, for example to assign VLAN IDs or limit authentication requests to certain trusted CAs or WiFi access points, please check out the RADIUSaaS Rule Engine.