That make sense, thanks, i'm going to test this later today. So i have the following options if i'm correct:
1. Use current authentication method
Issue a client certificate, install and connect with EAP-TLS to the current SSID.
2. Allow username and password access
Add EAP PEAP and EAP MSCHAPv2 to the service profile in CCPM (and maybe on the SSID/VAP profile on the controller).
Create/modify the role mapping and/or enforcement policy to allow access based on user group memebership in AD.
3. Start with CCPM Onboarding
This is new to me, but this is to allow different kind of OS/devices to auto enroll and connect to our network, is this correct?
Are these 3 options correct? Is option 2 also going to work?
What is the way to go? Currently there are just a hand full of laptops other that Windows based, but i expect this to grow, so i think option 1 can work for now (i'm going to test this later), but for the best managed way, what should we choose?
Thanks,
Roland