ADCS Connector: Computer vs User level certs

bwoods
Valued Contributor

Hello,

I've scoured the ADCS Connector documentation and just need some clarification on deploying computer level certs and user level certs. I'm currently working with Jamf Support, but they haven't given a clear answer yet.

  1. To deploy user certs/user level configuration profiles, do computers need to be bound to Active Directory?

  2. Is it best practice to deploy computer certs/computer level configuration profiles when machines are unbound/using Jamf Connect?

2 REPLIES

yuenhongtang
New Contributor III

To deploy user certs/user level configuration profiles, do computers need to be bound to Active Directory?

1) It depends on your environment. If your configuration profile contains the connection to Wi-Fi that links to your office, it will be best to deploy after the computer is bound to AD so you will have a source of control, because AD can link to hostnames or laptop names upon connecting.

Mark_Lamont
New Contributor III
  1. To deploy user certs/user level configuration profiles, do computers need to be bound to Active Directory? No. However, the user has to be MDM enabled to receive user certs/profiles, so if you use Jamf Connect logon or scripted account creation this will not be the case. Check in inventory and it shows there.

Account creation using the native Mac setup wizard, including using enrolment customisation (SSO etc.), does make MDM enabled users.