Just to add to Saravanan's post: be aware that achieving cert enrollment via EST/SCEP to an MDM might require you to 'expose' your CPPM to the WWW, especially if the MDM Mgmt is cloud based. While not perfect, it's a consideration you need to account for in planning to lock the process down.
------------------------------
Danny Jump
------------------------------
Original Message:
Sent: Nov 19, 2020 03:37 PM
From: Saravanan Rajagopal
Subject: ClearPass CA & MDM
Hi,
Only ClearPass OnBoard can service SCEP/EST enrolment.
You could get the certificate signed via REST API, but again this will use one of the OnBoard CAs to sign the client certificate.
------------------------------
Saravanan Rajagopal
Original Message:
Sent: Nov 16, 2020 09:00 AM
From: Perttu Aaltonen
Subject: ClearPass CA & MDM
Thanks! Are there any other resources for using ClearPass this way? Most guides seem to give examples for using the Onboard web-interface.
Original Message:
Sent: Nov 13, 2020 06:02 PM
From: Saravanan Rajagopal
Subject: ClearPass CA & MDM
Hi,
You can use ClearPass OnBoard CA for client certificate enrolment over SCEP. Please refer to the "SCEP setup" in the ClearPass EMM integration guide.
Tech Note ClearPass EMM Integration V5
------------------------------
Saravanan Rajagopal
Original Message:
Sent: Nov 13, 2020 07:57 AM
From: Perttu Aaltonen
Subject: ClearPass CA & MDM
Hello everybody.
I'd like to know if ClearPass would work in this scenario:
- Azure AD (or AADDS if required)
- Third-party MDM/EMM service
- ClearPass RADIUS & Certificate Authority
Would ClearPass be able to work as the CA and hand out certificates for the MDM service to install them automatically on client devices? EAP-TLS so not really any need to authenticate individual users, but to provision new devices through a separate provisioning network and then connect with the certificate to the production network.