jamf AD CS Connector vs SCEP Question

Sachin_Parmar
Contributor

Hi All,

I've just configured a jamf AD CS connector and trying to get it working with Jamf Cloud.

The AD CS is open and Jamf can communicate with it; it sends certificate requests and that's working. My issue is that I don't have an LDAP or LDAP proxy configured, so I can't use $USERNAME variables in the cert request. I ideally want the certificate to be built from AD, but this doesn't seem to be working for user certs. Is there any way the server can impersonate a user?

What do you recommend: going down the AD CS Connector route, or getting our Infrastructure team to provision a new SCEP server to handle these requests?

Sachin


bartlomiejsojka
Contributor

If you had a solid way to determine the user on a device, you could use recon options (jamf help recon) to update User and Location info to be used with Payload Variables. However, for certificates it doesn't seem like a secure solution, so if you are able to determine the user assigned to a device externally, you can leverage Inventory Preload to feed U&L data, "simulating" LDAP integration. This could potentially even be automated via UAPI 🤓.
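
The reply above recommends feeding User and Location data from an external, authoritative mapping through Inventory Preload rather than trusting whatever the device reports. Below is an added example of that automation, written for this page and not taken from the thread, Jamf, or any Jamf project. It assumes the Jamf Pro API endpoints `/api/v1/auth/token` and `/api/v1/inventory-preload/records` with the record field names `serialNumber`, `deviceType`, `username`, `fullName` and `emailAddress`; the CSV input is a constructed stand-in for an export from AD or an asset system. Because the username ends up in a certificate request, the script refuses rows with a malformed serial and drops any serial that is assigned to more than one user instead of letting the last row win.

```python
"""Push an authoritative serial-to-user mapping into Jamf Pro Inventory Preload.

Added example, not from the original thread. Assumptions (not in the post):
  - the mapping comes from a trusted source (here a constructed CSV string
    standing in for an AD/asset-system export), never from the device itself;
  - Jamf Pro API endpoints /api/v1/auth/token and
    /api/v1/inventory-preload/records and the record field names used below.
"""
import base64
import csv
import io
import json
import os
import re
import urllib.request

# Constructed sample export. The third row has no serial and the last two
# rows assign the same serial to two people; both cases must not reach Jamf.
SAMPLE_CSV = """serial_number,username,full_name,email
C02ABC123DEF,sparmar,Sachin Parmar,sparmar@example.com
C02XYZ789GHI,bsojka,Bartlomiej Sojka,bsojka@example.com
,nobody,No Serial,nobody@example.com
C02DUP000AAA,alice,Alice Example,alice@example.com
C02DUP000AAA,bob,Bob Example,bob@example.com
"""

# Loose shape check for a Mac serial: uppercase alphanumerics, 8 to 20 chars.
SERIAL_RE = re.compile(r"^[A-Z0-9]{8,20}$")


def build_preload_records(csv_text):
    """Return (records, conflicting_serials) from the CSV export.

    Rows with an empty or malformed serial are skipped. A serial that appears
    more than once is removed entirely and reported, because an ambiguous
    identity is exactly what a user certificate must not be issued against.
    """
    records, conflicts = {}, set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        serial = (row.get("serial_number") or "").strip().upper()
        if not SERIAL_RE.match(serial):
            continue
        if serial in records or serial in conflicts:
            conflicts.add(serial)
            records.pop(serial, None)   # drop the earlier claimant as well
            continue
        records[serial] = {
            "serialNumber": serial,
            "deviceType": "Computer",   # assumed field value for Macs
            "username": row["username"].strip(),
            "fullName": row["full_name"].strip(),
            "emailAddress": row["email"].strip(),
        }
    return list(records.values()), sorted(conflicts)


def get_token(base_url, username, password):
    """Exchange API credentials for a bearer token (assumed endpoint)."""
    cred = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = urllib.request.Request(f"{base_url}/api/v1/auth/token", method="POST")
    req.add_header("Authorization", f"Basic {cred}")
    req.add_header("Accept", "application/json")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["token"]


def upload_records(base_url, token, records):
    """POST one Inventory Preload record per device; return status per serial."""
    results = {}
    for rec in records:
        req = urllib.request.Request(
            f"{base_url}/api/v1/inventory-preload/records",
            data=json.dumps(rec).encode(), method="POST")
        req.add_header("Authorization", f"Bearer {token}")
        req.add_header("Content-Type", "application/json")
        req.add_header("Accept", "application/json")
        with urllib.request.urlopen(req, timeout=30) as resp:
            results[rec["serialNumber"]] = resp.status
    return results


if __name__ == "__main__":
    records, conflicts = build_preload_records(SAMPLE_CSV)
    for serial in conflicts:
        print(f"refusing {serial}: assigned to more than one user")
    # Real credentials are read from the environment; assumed variable names.
    base = os.environ.get("JAMF_URL")
    if base:
        token = get_token(base, os.environ["JAMF_USER"], os.environ["JAMF_PASS"])
        print(upload_records(base.rstrip("/"), token, records))
    else:
        print(json.dumps(records, indent=2))
```

Run without `JAMF_URL` set and the script only prints the records it would send, which is a convenient way to review the mapping before the first real upload. The point of doing the validation here rather than relying on recon from the device is that the device never gets to assert who its user is; the serial-to-user decision is made, and can be audited, on the server side.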

Sachin_Parmar
Contributor

Yeah, that would work. I could build EAs to get the info, but I'd have to supply that info in the cert request; rather, I'd like to build the cert via AD if possible.