# Mosyle For more general information about other MDM solutions and SCEPman integration please check [here](/certificate-management/static-certificates.md). ## Enable Mosyle Integration Integrating Mosyle with SCEPman can be easily enabled via the following SCEPman app configurations: {% hint style="info" %} You can differentiate between the SCEPman App Service and the Certificate Master by looking for the App Service **without** the "-cm" in its name {% endhint %} | Setting | Description | Value | | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------: | | [AppConfig:StaticValidation:Enabled](/scepman-configuration/application-settings/scep-endpoints/static-validation.md#appconfig-staticvalidation-enabled) | Enable the 3rd-party validation | **true** to enable, **false** to disable | | [AppConfig:StaticValidation:RequestPassword](/scepman-configuration/application-settings/scep-endpoints/static-validation.md#appconfig-staticvalidation-requestpassword) |

Certificate signing requests sent to SCEPman for signing are authenticated with this secure static password

Recommendation: Store this secret in Azure KeyVault.

| *generate a 32 character password* | | [AppConfig:StaticValidation:ValidityPeriodDays](/scepman-configuration/application-settings/scep-endpoints/static-validation.md#appconfig-staticvalidation-validityperioddays) (optional) | How many days shall certificates issued via Mosyle be valid | 365 | | [AppConfig:StaticValidation:EnableCertificateStorage](/scepman-configuration/application-settings/scep-endpoints/staticaad-validation.md#appconfig-staticaadvalidation-enablecertificatestorage) (optional) | Store requested certificates in the Storage Account, in order to show them in SCEPman Certificate Master | ***true*** to enable, ***false** to disable* | {% hint style="info" %} After adding or editing SCEPman configuration parameters, you need to restart the app service. {% endhint %} ## Mosyle Configuration ### SCEPman Root Certificate As a first step you must deploy SCEPman's root certificate. Download this CA certificate via SCEPman website: ![SCEPman Website](/files/EfcGLtpCiY5X1RgElPgt) In Mosyle, navigate to Management and add "**Multi-Cert Profile**" as a new profile type (if it does not already exist). Now **Add new profile,** choose a name for this profile, e.g. SCEPman Root CA, then click on **+ADD PROFILE** under Profile Name (see screenshot below)**,** and choose "Add Certificate profile" from the shown window. Next, select and upload the SCEPman root certificate you already download, add SCEPman Root CA as Profile Name and Save. ![Adding a Root CA Profile](/files/gTD8wbQRKKAYhj1XFxjl) ![Upload Root CA](/files/Ky45uxqykowZYJnLUFJ9) Now you need to assign this profile to your devices/users, then Save ![Save Root CA profile](/files/7cdlNJ6wz2FDI5MKfJbJ) After saving, you can check the compliance status by clicking on view details on the profile ![Profile Distribution Status](/files/9NwpOedMSVlsHyIbg56A) ### Device Certificate Add a new profile, add profile name e.g. SCEPman Device Certificate, **+ADD PROFILE,** now choose **SCEP Profile** and fill out the values as shown below ![SCEP Profile Configuration](/files/ynh6XmiM12IuqeZEeAgC) ![SCEP Profile Configuration](/files/vTEJ9KFXfAFGsuzhFjFI) **Profile Name:** choose a name for your profile **Server:** choose URL **URL:** past your SCEPman URL with **/static** at the end as shown on the screenshot. You can also copy this value from SCEPman homepage near **Static MDM** **Subject:** It is up to you which variables you choose for the subject, you can choose one or multiple Relative Distinguished Name (RDN). NOTE that RDNs always start with **/** for example `/CN=%DeviceName%` for device name. On our example on the screenshot, we have added 3 RDNs, multiple CNs is also allowed. You can check the variable list by clicking on **View available variables** above the field. **Subject Alternative Name** is optional. **Challenge:** add your 32 character challenge password configured in SCEPman configuration, [see enable Mosyle integration](#enable-mosyle-integration) **Key Size:** 2048 Enable the two options "**Use for signing**" and "**Use for encryption**", and leave all other settings as default (like shown on the screenshot) then **Save** Now you need to assign this profile to your devices/users, then **Save**. After saving, you can check the compliance status by clicking on view details on the profile ![Profile Distribution Status](/files/Gpx0ZlXJCol7G4UOaTET) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.scepman.com/certificate-management/static-certificates/mosyle.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.