Apple SCEP Template

This custom template is intended for creating a SCEP policy to be deployed onto Apple devices. The user device gets a unique identity certificate for authentication (Wi-Fi, VPN, email).

Default Apple SCEP Template

Deploying the custom policy with the default Apple SCEP template does the following:
  • Creates a user identity certificate using SCEP (Simple Certificate Enrollment Protocol).
  • Generates an RSA 2048-bit private key on the device.
  • Sends a certificate request to the SCEP server.
  • Uses the user’s identity (UserPrincipalName and SID) in:
    • Certificate Subject
    • Subject Alternative Name (SAN)
To create a custom policy with the default Apple SCEP template, complete the following steps:
  1. From the MCM application, click Create Policy and select Custom from Template.
  2. On the General Settings page, enter the Policy Name and Description.
  3. Select macOS as the Operating System.
  4. From the Assign Policy to Site drop-down, select a site to assign the policy.
  5. From the Select a policy from template drop-down, select Apple SCEP Template.
  6. Click Save to save the custom Apple SCEP DeviceID policy. When the policy is deployed, the necessary parameters are replaced according to the Simple Certificate Enrollment Protocol (SCEP) configuration.
Add the policy to an appropriate Policy Group to deploy it onto the Apple devices.
Result
Certificate Properties: This profile creates a certificate with the following characteristics:
  • Key type: RSA
  • Key size: 2048 bits
  • Scope: User
  • Retry behavior: 3 attempts, with a 10-second delay between attempts
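
To confirm that a deployed profile carries the properties listed above, the rendered configuration profile can be checked against them. The following is an added example, not part of the product or its template: it uses Apple's documented SCEP payload keys (com.apple.security.scep, Key Type, Keysize, Retries, RetryDelay, SubjectAltName, PayloadScope), and the sample profile, URL and user name are constructed placeholders. It assumes the UserPrincipalName is carried in the ntPrincipalName SAN entry.

```python
import plistlib

# Values the page lists under "Certificate Properties", mapped to Apple SCEP payload keys.
EXPECTED = {"Key Type": "RSA", "Keysize": 2048, "Retries": 3, "RetryDelay": 10}
SCEP_TYPE = "com.apple.security.scep"


def build_sample(keysize=2048):
    """Constructed sample profile; the URL and user name are placeholders."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadScope": "User",
        "PayloadContent": [{
            "PayloadType": SCEP_TYPE,
            "PayloadContent": {
                "URL": "https://scep.example.invalid/scep",
                "Key Type": "RSA", "Keysize": keysize,
                "Retries": 3, "RetryDelay": 10,
                "Subject": [[["CN", "user@example.invalid"]]],
                "SubjectAltName": {"ntPrincipalName": "user@example.invalid"},
            },
        }],
    })


def audit_scep_profile(raw):
    """Return a list of deviations from the settings the page documents."""
    profile = plistlib.loads(raw)
    findings = []
    if profile.get("PayloadScope") != "User":
        findings.append(f"PayloadScope: expected 'User', found {profile.get('PayloadScope')!r}")
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == SCEP_TYPE]
    if not payloads:
        findings.append("no com.apple.security.scep payload in profile")
    for payload in payloads:
        content = payload.get("PayloadContent", {})
        for key, want in EXPECTED.items():
            if content.get(key) != want:
                findings.append(f"{key}: expected {want!r}, found {content.get(key)!r}")
        if not content.get("Subject"):
            findings.append("Subject is missing or empty")
        # Assumption: the UPN is carried in the ntPrincipalName SAN entry.
        if not content.get("SubjectAltName", {}).get("ntPrincipalName"):
            findings.append("SubjectAltName has no ntPrincipalName (UPN)")
    return findings


if __name__ == "__main__":
    for label, raw in (("as documented", build_sample()), ("weak key", build_sample(1024))):
        print(label, "->", audit_scep_profile(raw) or "OK")
```

An empty result means the profile matches the documented key type, key size, scope and retry settings; each returned string names one setting that differs.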