We are currently using Cisco ISE to onboard our devices using user based certificates. This is quite the pain for our teachers and we have gotten a lot of complaints about the process. Does anyone have a better workflow or way to move away from user based certificates or have the user not have to accept 3 or 4 certificates when onboarding the device?
We're in 802.1x enrollment process currently. 10% have been done, minor complaints in daily business.
We use a config profile with scep certs from our own pki.
Updating those computers 10.13.4 to 10.13.5 makes the mac's become unauthenticated and blocked by ISE. A pain in the a...
We're currently working that out.
I too will be curious what workflows others have in combi ISE and 802.1x