search

SCEPman SaaS

This article describes the configuration steps necessary to implement certificate-based WiFi authentication using SCEPman SaaS with Intune.

1

hashtag
Configure SCEPman SaaS

First and foremost, you will need to set up and configure your SCEPman PKI. Please refer to this guide to complete this step. Once completed, return to this article.

🆕 SCEPman SaaSchevron-right
2

hashtag
Establish Trust between RADIUSaaS and SCEPman

For RADIUSaaS to trust client authentication certificates issued by SCEPman PKI, you must add SCEPman's root CA certificate to the RADIUSaaS trust store following these steps:

LogoTrusted Certificates | RADIUSaaSdocs.radiusaas.comchevron-right
3

hashtag
Configure the RADIUS Server Certificate

Leverage SCEPman to fully automate the lifecycle of your RADIUSaaS Server Certificate by setting up SCEPman Connection as below:

Navigate to SCEPman Connection section under Settings > Server Settings and click on Setup Connection.

Then you will get

Once you click Yes, RADIUSaaS will request a server certificate from SCEPman, activate it, and renew it in time before it expires. Everything happens automatically, without any interaction required from your side.

4

hashtag
Configure your Networking Equipment

To configure your networking equipment (WiFi access points, switches, or VPN gateways), follow these steps:

LogoGeneric Guide | RADIUSaaSdocs.radiusaas.comchevron-right

After completing the previous steps, the Trusted Certificates page of your RADIUSaaS instance will look similar to the one shown below. Please note that in our example we have used a RadSec-enabled MikroTik access point that leverages a SCEPman-issued RadSec Client Certificate.

5

hashtag
Configure Intune Profiles

To set up certificate-based Wi-Fi authentication, you will need to create and deploy several policies in Intune. These policies are as follows:

Profile Type
Purpose

Trusted certificate

Deploy the Root CA certificate that has issued the RADIUS Server Certificate. In this scenario, the relevant CA corresponds to the SCEPman Root CA.

SCEP certificate

Deploy the client authentication certificate.

Wi-Fi

Deploy the wireless network adapter settings.

Relevant Intune Policies

hashtag
Trusted Certificate Profiles

This profile was configured as part of the SCEPman setuparrow-up-right.

hashtag
SCEP Certificate Profile

This profile was configured as part of the SCEPman setuparrow-up-right.

hashtag
WiFi Profile

Deploy the Wi-Fi adapter settings to your devices by following this article:

WiFi Profilechevron-right
6

hashtag
Permissions and Technical Contacts

circle-exclamation

This is a mandatory step.

First, review your Permissions to ensure the right persons in your organization have the right level of administrative access to your RADIUSaaS instance.

circle-check

To prevent yourself from being locked out of your RADIUSaaS instance, always ensure that either

  • at least two user identities or

  • one service account

are configured as Administrators.

Next, ensure that we are able to contact you in case we have important technical information to share by reviewing the Technical Contacts section.

circle-check

For us to reliably deliver important information to you via email, always ensure that either

  • at least two email addresses of individuals or

  • one shared mailbox / distribution list

are configured.

7

hashtag
Rules

This is an optional step.

If you would like to configure additional rules, for example to assign VLAN IDs or limit authentication requests to certain trusted CAs or WiFi access points, please check out the RADIUSaaS Rule Engine.

Ruleschevron-right

Last updated

Was this helpful?