Security

  • 1.  Onboarding Certificate Attributes

    Posted Apr 17, 2018 12:29 PM

    Greetings all!

    We're wanting to have only certain people be able to onboard our enterprise-owned devices (our PC techs). I have this pretty much set up and it seems to be working; however, when one of our techs onboards a device, the certificate issued in Onboard is issued to their username. I'm wanting machine authentication only, as all our devices will be domain-joined laptops and I don't care about which user is logged in. The issue is that when managing the certificates in Onboard we can't easily tell what device the certificates belong to, as it only shows the username. Any way to get this to be the Windows computer name, or a custom field on the login page where the tech can enter the computer name manually, instead of assigning it directly to the Onboard username?

    Any advice?

    Thanks!



  • 2.  RE: Onboarding Certificate Attributes

    Posted Apr 17, 2018 12:32 PM
    Onboard is designed for user-to-machine binding. There is really no concept of a machine identity cert today.


  • 3.  RE: Onboarding Certificate Attributes

    Posted Apr 18, 2018 02:06 PM

    Okay, thanks. So in order to do what we're wanting it sounds like ADCS is about the only way to do it?

    Thanks



  • 4.  RE: Onboarding Certificate Attributes
    Best Answer

    Posted Apr 18, 2018 02:09 PM
    For a true machine cert, yes.


  • 5.  RE: Onboarding Certificate Attributes

    Posted Apr 18, 2018 02:24 PM

    Thanks for the help.