Hi @cassielevett, you need to use the security set-identity-preference function for this. It's not the easiest thing to do. I only know because we also use a separate Identity (cert + private key) deployed down from a CMS server and needed to find a way to associate the SSID to that identity, that way when Wi-Fi was turned on and the SSID was selected by the end user they didn't need to go through the steps to get the cert and SSID associated. It would just connect (mostly). We also aren't using a Config Profile for this, so it made things a little more complicated.
Here's a snippet of the code we use.
security set-identity-preference -n -s "com.apple.network.eap.user.identity.wlan.ssid.<ssid_name>"
security set-identity-preference -c "$loggedInUser" -s "com.apple.network.eap.user.identity.wlan.ssid.<ssid_name>" "/Users/$loggedInUser/Library/Keychains/login.keychain"
The above is only a small portion of the script. You need to replace the <ssid_name> with the name of your SSID, and $loggedInUser is also captured separately in the script and is, of course, the current logged-in username.
Hopefully that helps get you on the right track.
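
The two commands from the post above, wrapped with a pre-check that the identity exists and a read-back of the stored preference. This is an added example, not part of the original post or the poster's script. The function names, the `--apply` switch, the way the console user is captured and the sample `find-identity` output are assumptions made for illustration.

```shell
#!/bin/bash
# Added example; helper names and sample data are hypothetical/constructed.

# Constructed sample of `security find-identity -v` output (placeholder hash).
SAMPLE_IDENTITIES='  1) 0000000000000000000000000000000000000000 "jdoe"
     1 valid identities found'

# Keychain service name the post uses to tie an identity to an SSID.
eap_service_name() {
    printf 'com.apple.network.eap.user.identity.wlan.ssid.%s' "$1"
}

# Reads `security find-identity -v` output on stdin and succeeds only if an
# identity whose quoted name is exactly $1 is listed.
identity_present() {
    grep -Fq "\"$1\""
}

# $1 = SSID, $2 = certificate common name, $3 = keychain path
set_wifi_identity() {
    ssid=$1; cn=$2; keychain=$3
    service=$(eap_service_name "$ssid")

    # Refuse to write a preference that points at a missing identity.
    if ! security find-identity -v "$keychain" | identity_present "$cn"; then
        echo "no valid identity named '$cn' in $keychain" >&2
        return 1
    fi

    # -n clears any existing preference for this service.
    security set-identity-preference -n -s "$service"
    # -c selects the identity by certificate common name.
    security set-identity-preference -c "$cn" -s "$service" "$keychain"
    # Read back the stored preference; -c prints its common name.
    security get-identity-preference -s "$service" -c
}

# Only touches the keychain when called as: script --apply <ssid_name>
if [ "${1:-}" = "--apply" ] && [ -n "${2:-}" ]; then
    # Assumption: console owner is the logged-in user (macOS stat syntax).
    loggedInUser=$(stat -f%Su /dev/console)
    set_wifi_identity "$2" "$loggedInUser" \
        "/Users/$loggedInUser/Library/Keychains/login.keychain"
fi
```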