Enable Jamf Pro as SCEP Proxy for Configuration Profiles - help with setup needed!

amuenks
New Contributor

Hello Jamf experts!

I am primarily a Microsoft Intune/SCCM admin. I also manage our Jamf Pro environment for macOS. We currently use a SCEP Cert Profile in Intune tied to an NDES server to deploy an 802.1x certificate to allow our Azure joined Windows devices access to our on premise domain. We currently have our Macs bound to the domain to allow a cert request for this. We recently got our Jamf Connect setup going and have no reason to bind to the domain anymore. I have read the documentation on how to set up Jamf Pro as a SCEP Proxy but I am NOT a Mac expert and don't really understand what needs to be put in the fields of this setup. I'm assuming the URL is the SCEP Server URL. I'm not sure what to put in for Name, Subject, Subject Alternative Name Type, or what options I should choose, or what certificate I should use as the Signing Certificate. I'm lost. I opened a ticket with Jamf Support and they sent me the link to the article I already have.

For information purposes, in our Windows Intune SCEP Cert profile the Subject Name is set to CN={{AAD_Device_ID}} and our Alternative is set to DNS with the same value.

We can't move forward with Jamf Connect until we get this working because otherwise our users won't be able to access printers or shares when they are on premise.

Please help!

5 REPLIES

JustDeWon
Contributor III

amuenks
New Contributor

Thanks JustDeWon! I actually found this document right after posting this. I was able to fill in what I thought was correct and created and deployed the profile to 2 test Macs. It never actually deploys. The config profiles never show up under profiles and in Jamf, under the Config Profile logs, both machines are stuck at pending... Are there any logs I can look at to see why the profile never deploys?

On the affected machines within Jamf, look at the Management tab. Sometimes you'll get the exact error of why the MDM profile didn't deploy if it failed.

But if they are just pending, try navigating to Global Management > Event logs, and pulling the logs from there.

Keith_L
New Contributor III

Your profile, is it for Users instead of Computers under Levels in General (config profile)?

If it's a User profile, you have to log out and log in again to trigger the profile.