Integrate internal Certificate Authority with Workspace ONE UEM to deliver Computer certificate for using Port-Based Authentication

Some organisations using Port-Based Authentication to prevent unauthorised client devices from gaining access to the network.

The client device needs to have a certificate to authenticate.

Integrating Internal Certificate Authority with Workspace ONE UEM allows you to provide computer certificates to client devices.

First open the Certification Authority.

Right click on Certificate Template then click on Manage.

Right click on Computer then click on Duplicate Template.

On General tab change the name of Template. for example ComputerUEM.

On Subject Name tab choose the Supply in the request.

On Security tab add the account which has Enroll permission.

Right click on Certificate TemplateNewCertificate Template to Issues.

Add the ComputerUEM to Templates.

Log in to WS1 UEM and go to All Settings.

Click on Enterprise Integration.

Click on Certificate Authorities.

Click Add.

Type a Name. Choose Microsoft ADCS. Type the CA server Name and Authority Name. Type the Service Account Username and Password.

Click on Test Connection then SAVE.

Click on Request Templates.

Type the Name, Issuing Template, Subject Name, SAN Type.

Click on SAVE.

In WS1 UEM go to Profiles.

Click Add Profile.

Select Windows.

Select Device Profile.

Type the Name and add a Smart Group which receive the certificate.

Click on Credentials.

Click on Configure.

Choose the CA and the Template.


Now if you Enroll a Windows device the device will get a certificate with device UDID which will use for Port-Based Authentication.

Leave a Reply

Your email address will not be published. Required fields are marked *