+14For strong certificate mapping, can two SAN types be used in the Subject Alternative Names field? Official guidance specifies using only the SCEP URI, and although the current configuration with multiple SAN types appears to work, it seems unreliable, as I’m seeing additional certificate-selection prompts. This change was made while I was out, so I need to confirm that this approach follows best practice.
I think multiple values work. In case you’re not just showing an example, double check the documentation to ensure the extension attribute value actually matches the numerical value of the EA. Meaning, if the extension attribute is {jssURL}/view/settings/computer-management/computer-extension-attributes/46 that the tag:microsoft{EA}value ends in 46. Also I believe the SAN type is Uniform Resource Identifier
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
