Kandji

SCEPman can be connected to Kandji as External CA. Via SCEPman's static interface and a challenge password enrolled devices will be able to obtain certificates.

For more general information about 3rd-party MDM solutions and SCEPman integration please check here.

Enable Kandji Integration

Kandji integration of SCEPman can be easily enabled via the following app configurations:

Kandji Configuration

SCEPman Root Certificate

As a first step, you need to deploy SCEPman root certificate. Download this CA certificate via the SCEPman website:

In Kandji, navigate to Library on the left navigation bar and add a Certificate Library Item to your Blueprint.

To upload the certificate, first select PKCS #1-formatted certificate under Certificate type, secondly provide an optional name, upload your SCEPman CA certificate and eventually save it.

SCEP Profile

The second step is to add a SCEP Profile to your Blueprint. Therefore, add a new SCEP Library Item and configure it as below:

• URL: **** The static SCEP endpoint of SCEPman you configured above

• Name: An optional SAN attribute

• Challenge: Is required to authenticate CSR requests sent to SCEPman's static SCEP interface. It must match the value you have configured above.

• Fingerprint: Optional CA fingerprint. It is highly recommended to configure this value as it provides an additional level of security. You can find it on your SCEPman website as CA Thumbprint.

• Subject: Optional subject name. CN=$PROFILE_UUID will be automatically added from Kandji as default common name. Kandji allows you to add multiple CNs.

• Key Size: 2048

• Key Usage: Both, signing and encryption

For more information please check Kandji's documentation.

Deployment Status

After saving the certificate or SCEP profile, switch to Status to check the deployment status on Blueprints assigned devices.