You will need a PKI that gives you a user certificate.
ClearPass can do this via the onboarding module, this is used for byod enviroments.
In a corporate enviroment with AD joined devices, you can install a windows PKI and auto-enroll your clients with that PKI.
This is not basic stuff that can be explained in a couple of lines, but there is a good video on ABC the networking channel:
https://www.youtube.com/watch?v=buNyG5WneKY&list=PLsYGHuNuBZcb0xD05v9zdwv7NlUG_8oJS&index=9&t=563s