user based certs to authenticate to vpn

CommandShiftK
New Contributor III

We are looking to require certs for vpn. Mac devices will need user based certs to authenticate to vpn. We are using AnyConnect. Any thoughts on how I can achieve this?

3 REPLIES 3

sdagley
Esteemed Contributor II

@michaelmark How do you issue certificates for your Windows systems? If you have a server that supports SCEP requests you can use a SCEP payload in a Configuration Profile to install a certificate (the server would have to be accessible from the public Internet for that to work). Jamf also supports the Venafi certificate management system via the Jamf PKI Proxy, and the Active Directory Certificate Services via the Jamf AD CS Connector.

For more info on the latter two, see: https://docs.jamf.com/technical-papers/jamf-pro/venafi/10.29.0/Introduction.html and https://docs.jamf.com/technical-papers/jamf-pro/integrating-ad-cs/10.29.0/Introduction.html

CommandShiftK
New Contributor III

I'll try the AD CS Connector out. Thanks!

CommandShiftK
New Contributor III

update - using the Jamf AD CS Connector was exactly what we needed. A little tricky to get working properly, but is good to go.