SCEP Certificate-based authentication
BigFix MCM supports certificate-based authentication through Simple Certificate Enrollment Protocol (SCEP). SCEP is the fastest and most secure way to provision certificates to all your MCM-managed devices. With SCEP, IT Admins can automate issuing certificates to the endpoints to provide access to corporate Wi-Fi, VPN, and secure e-mail through encryption.
Advantages of SCEP
- Enables user authentication via certificates.
- Ensures secure network communication, where the data is encrypted and authenticated using certificates.
- Simplifies certificate distribution to MCM-enrolled devices.
- Facilitates distributing certificates to a large number of devices.
- Reduces the burden on Network Administrators, because users can request their digital certificates electronically.
SCEP architecture and communication flow
- Certificate Enrollment Workflow
With this protocol, the SCEP server issues a one-time password (OTP) that is transmitted to the user out-of-band (OOB). The user generates a key pair and sends the OTP and a certificate signing request (CSR) to the SCEP server, which validates the request, signs it, and makes the signed certificate available to the user.
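The server-side check of the one-time password in the workflow above, as an added example that is not BigFix MCM code or part of the original page. The `ChallengeStore` class, its method names, the lifetime values and the device name are assumptions; CSR parsing and certificate signing are left out.

```python
import hashlib
import hmac
import secrets
import time


class ChallengeStore:
    """Hypothetical server-side store of one-time enrollment passwords."""

    def __init__(self, ttl_seconds=600, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.clock = clock          # injectable so expiry can be tested
        self._pending = {}          # device_id -> (sha256(otp), expiry time)

    def issue(self, device_id):
        """Create an OTP for one device; the caller delivers it out-of-band."""
        otp = secrets.token_urlsafe(16)   # 128 bits from the OS CSPRNG
        digest = hashlib.sha256(otp.encode()).digest()
        self._pending[device_id] = (digest, self.clock() + self.ttl)
        return otp

    def redeem(self, device_id, presented_otp):
        """Check the OTP sent with a CSR. Returns (accepted, reason)."""
        entry = self._pending.get(device_id)
        if entry is None:
            return False, "unknown-or-used"
        digest, expiry = entry
        if self.clock() > expiry:
            del self._pending[device_id]
            return False, "expired"
        presented = hashlib.sha256(presented_otp.encode()).digest()
        if not hmac.compare_digest(digest, presented):   # constant-time compare
            return False, "mismatch"
        del self._pending[device_id]      # single use: a replay now fails
        return True, "ok"


if __name__ == "__main__":
    store = ChallengeStore(ttl_seconds=60)
    otp = store.issue("device-001")               # constructed device name
    print(store.redeem("device-001", otp))        # first use
    print(store.redeem("device-001", otp))        # replay of the same OTP
```

Only a hash of the OTP is kept, so a read of the pending table does not reveal usable passwords.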
Applicable devices
- Windows 10 and later
- macOS
Supported enrollment methods
- Autopilot enrollment - Windows
- Bulk enrollment - Windows
- Enrolling through enrollment URL - Windows
- Enrolling through enrollment URL - Apple
- Apple Automated Device Enrollment
For information on how to configure the environment to support certificate management and certificate-based authentication through SCEP, see Simple Certificate Enrollment Protocol (SCEP) configuration.
For Windows SCEP enrollment flow, see Windows SCEP enrollment.
For macOS SCEP enrollment flow, see macOS SCEP enrollment.