Question

Help with script that configures 802.1x wifi


  • Contributor
  • 288 replies

Hi, I'm looking to build a Self Service wifi fix. There have been times where keychains get corrupted and it requires generating new certificates.

The current fix has been to use the .mobileconfig and install the profile using /usr/bin/profiles command and authenticating with our local admin.

In our environment, users do not have local admin access. What's the best way of creating a self service option that will execute the profiles command without requiring admin access?

4 replies

mm2270
  • Legendary Contributor
  • 7880 replies
  • June 2, 2015

Self Service policies should not require admin credentials. That's actually the primary point of Self Service. It allows non-admin users to run policies that have commands, installers and such that would normally require them to type in an admin password.
So in your case, you could deploy the profile into a location like /private/tmp/ in a package, then have a script run set to "After" that would install it with the profiles command.

But backing up a moment, I have a feeling there's a better way to address your primary issue without needing to always re-install a profile. Can you provide any more details on the issue?


  • Author
  • Contributor
  • 288 replies
  • June 2, 2015

Hi @mm2270 The primary issue we've been having is users changing their passwords, and their keychain gets corrupted or passwords not updating to the newly changed password. (It happens a few times a month). We wipe their keychain, which also wipes the certificates needed to connect to our wifi. I've been able to quickly re-add it by using the profiles command, but I want to make a simpler solution for our junior desktop techs.

Would making a script that has "/usr/bin/profiles -I -F /path/to/mobileconfig" bypass the admin prompt and re-add the certificates?


  • Contributor
  • 881 replies
  • June 3, 2015

I'm confused, why are the certificates on the user's keychain? Shouldn't you be storing them on the System keychain? Are they computer or user certificates?

Our (computer) certificates and wifi configuration are installed at the system level, so the system authenticates with 802.1x independent from any user account.


  • Author
  • Contributor
  • 288 replies
  • June 3, 2015

@alexjdale Ours are being stored under the login keychain as user certificates. Every user has a different wifi certificate generated; we don't have a generic one for every machine.

