EAP-TLS WiFi with on-prem AD server for personal devices


Does anyone have experience getting device certificates from Active Directory via Jamf's AD CS Connector onto a personally owned device enrolled via user-initiated enrollment?

The problem I'm running into is that, even though the user has to authenticate with their AD credentials at myjamfurl.com:8443/enroll to begin the enrollment process, the actual MDM profile is tied to a managed Apple ID instead of their AD credentials. So, when the managed Apple ID credentials are sent to the AD server, authentication fails and they never get the certificate to join the internal WiFi.

We're wanting to get this working for several members of district leadership, maybe 20-25 people tops.

Without having Azure AD and federating in Apple School Manager, is there any way that anyone knows of to get user-initiated enrollment to pass LDAP credentials to the AD CS Connector instead of the managed ID credentials?