Certificates have outpaced passwords equally the preferred method of authentication for enterprises considering of their superiori network security and user experience. SecureW2 makes sure every device is properly authenticated and issued a document to exist used for a diversity of network authentication purposes.

Addigy is a cloud-based mobile device direction platform designed for Apple environments to migrate abroad from on-premise systems. Admins are able to utilise SecureW2 to allow Addigy devices to be securely authenticated and enroll for certificates. The best role? Both of these can exist automated, making information technology easier for the admin and end user. Here'due south how you do it.

Tech Overview

  1. Set Up the Managed Device Gateway API
    • Using our Getting Started Sorcerer, yous can easily ready upwardly SCEP gateway APIs.
    • Establish a trusted Intermediate CA to configure the payload to include document enrollment policies.
  2. Configure the SCEP Profile
    • Create a SCEP URL past generating a shared secret and access token using SecureW2's Token magician.
    • Configure the Wi-Fi Profile
  3. Configure the Wi-FI settings to allow certificates to connect to the correct server.
    • Configure the profile for EAP-TLS authentication, the most secure authentication protocol.
    • Push button the Payloads to Managed Devices
  4. Add the SCEP URL to the Addigy portal so y'all are able to push out configuration profiles to all Addigy devices and
    • accept them authenticated to the network.
    • Y'all tin can also push out a payload allowing devices to enroll themselves for a signed certificate subsequently hallmark.

Create an Apple Button Certificate

You can create an Apple Push Certificate past downloading an Addigy Certificate Signing Request (CSR) file and uploading in Apple.

  1. On the Addigy Portal, go to Accounts.
    • Click MDM Settings.
  2. Download CSR File.
    • Click Add Certificate under Apple Button Certificates.
    • Download Addigy CSR.
  3. Go to this link.
    • Click Create a Document.
    • Upload your Addigy CSR.
  4. An Apple Push Certificate will be generated and a .pem file will be available for download.
  5. Upload the .pem file.
    • Go back to MDM Settings in Addigy.
    • Click on Add Document.
    • Upload the .pem file.
  6. Click Salve.

Now you created a signed Apple tree Push Certificate for you managed devices. You lot'll need to found a connectedness so all of your managed devices are able to enroll for the certificate.

Building a .mobileconfig

For most platforms, you can create a custom CA and generate a SCEP URL with SecureW2's Management Portal. These tin can exist imported into your platform'southward UI and first delivering certificates.

Addigy does non have this option, and so you'll need to build a custom mobileconfig with the SCEP URL and Shared Primal. This can all be washed in SecureW2's Management Portal. After you've done this, reach out to the SecureW2 Support team. They can assistance you in generating a custom .mobileconfig file to upload to Addigy.

Creating a SCEP URL and Shared Secret

To use an SCEP gateway for managed devices to enroll themselves for certificates, generate an SCEP URL so devices can communicate with SecureW2'southward PKI.

  1. Navigate to API Tokens nether Identity Management.
  2. Click Add API Token.
  3. Enter in a Name and Vendor and click Update.
  4. A CSV file volition be downloaded that contains a shared secret and a SCEP URL. Y'all will demand to modify the SCEP URL to piece of work with MEM Intune.
    • The unmodified URL is structured similar so:

https://api.securew2.com/urltokenid/70b78eba-d84f-4997-89be-6ec117555347/enroll/ 891d25ab-af14-4e81-95c3-bc4793384fe4/89ed0be6-13q2-4973-b84d-fb4ff83e51ef

    • Insert /urlauth/secretkey/ into the SCEP URL and replace secretkey with the cardinal provided in the CSV file that is downloaded from the Secure W2 Management Portal as displayed in the post-obit example:

https://api.securew2.com/urltokenid/dd1cb780-4c61-b07f-ef69a5bfaf0f/urlauth/secretkey/ enroll/d53a3f06-1e7a-4c0c-8f0e-q3869d47f6fc/3b48048a-7e68-4ad3-efb5039b737d

Upload a .mobileconfig file to Addigy

Now that y'all've created a mobileconfig, you can plug it into the Addigy portal and volition exist able to push the payload to every managed device.

  1. Create a Contour in Addigy.
    • Go to Policies.
    • Click Itemize towards the acme.
    • Click on Custom Profile and Add Profile.
  2. Upload your .mobileconfig file.
    • Enter your profile name.
    • Under Installation Files, click Select File(s) to upload your .mobileconfig file.
    • Under Installation Script, the output volition be shown subsequently uploading your file.
  3. Click ostend.

Now that you lot've created a custom profile in Addigy, you can first deploying that profile to your managed devices.

Adding an iOS Device

Here we will explain how to become the configuration profiles on an iOS device.

  1. Log in to the Addigy management portal.
    • Navigate to Policies.
  2. Detect your device on the portal and click GoLive.
  3. Switch your device from 'Onboarding' policy to 'Production' policy.
    • This will deploy the Wi-Fi profile and SCEP payload.
  4. Navigate to MDM Configuration.
    • Check that the Addigy SCEP profile is uploaded.
    • Click on the Addigy SCEP profile to view the payloads and certificate.
  5. Hover over Production.
    • Click Ostend Production policy deployment.
    • Click on "View Details" to come across the SCEP profile connecting to your iOS device.
      • It will take a few minutes for the profile to appear on your device.
  6. To find your contour, become to the Settings app and notice Device Direction under the Full general section.
    • You can too view device certificates hither.
  7. Once the contour is on your device, go to Settings > Wi-Fi and connect to the Addigy SCEP network.
    • The device will connect to the network without any prompts.
  8. Your device should now be added to the Addigy management portal.

Removing the iOS Device

If you would like to remove the configuration profiles from an iOS device, hither is how you lot can practice that within Addigy.

  1. To remove the device from the network, navigate to Policies > Production.
    • Click on your device and change the policy from "Production" to "Onboarding".
    • Click on Onboarding and confirm configuration.
  2. The profile will be pulled off the device, removing the device from the network.
    • The Wi-Fi profile and SCEP payload volition no longer appear under Device Direction.
  3. The device will and so connect back to the setup Wi-Fi and be removed from "Policy Devices" on Addigy.

Verifying the SCEP Certificate on iOS Device

If you're needing to verify that a SCEP certificate is on a network device, here's how to exercise information technology.

  1. Log in to the SecureW2 management portal.
    • Navigate to Certificates.
  2. Copy either the serial number or the common name.
  3. Paste the ID into Addigy under the Devices tab.
    • Yous will be able to find the device fastened to that document.

Revoking a SCEP Certificate from an iOS Device

If you want to revoke a certificate'southward network access, you can do that quite easily in SecureW2. Hither's how.

  1. Get dorsum to Certificates in SecureW2 Management Portal.
  2. Click "Revoke" on the document.
  3. If you try to connect to the SCEP Wi-Fi network, information technology volition not automatically connect you to the network.
    • Instead y'all'll see a login credentials prompt.

The industry is moving to the cloud, and Addigy is helping Apple environments migrate that style. By integrating Addigy with SecureW2, yous can ensure all managed Apple tree devices will be able to deeply and automatically enroll themselves for certificates. SecureW2's toll-effective services brand information technology easier to consequence and manage certificates for network authentication.