802.1x and Proxy during Enrollment

New Contributor

Hey Jamf Community,

I'm reaching out to see if there is any possible solutions to an ongoing issue that we've had when enrolling devices on our corporate network. Our network uses Cisco ISE for 802.1x authentication which is Certificate based EAP-TLS followed by the network requiring a Proxy PAC file to be specified which is AD Authenticated.

The macOS devices in our environment are not bound to Active Directory and we use Enterprise Connect for authentication to the Proxy and a Configuration Profile for 802.1x config.

Historically we've advised users to build/enrol their devices off the corporate wireless or ethernet as the proxy/802.1x interferes with the enrolment process which seems to cause the build to halt, I'm looking for a solution that either temporarily prevents the device from connecting to a specific SSID during the build process or an even more ideal solution of being able to deliver the proxy configuration and 802.1x configuration and authenticate the user against AD while the machine is still in the Setup assistant.

Keen to hear your ideas!