
Microsoft Entra ID (Azure AD)

Last updated 25 days ago


These settings should only be applied to the SCEPman App Service, not the Certificate Master. Please refer to SCEPman Settings.

AppConfig:AuthConfig:ApplicationId

Linux: AppConfig__AuthConfig__ApplicationId

The Application (client) ID from your Microsoft Entra ID (Azure AD) App registration. This setting is configured during the setup.

Please do not mix this up with the "Client Secret ID". We need the "Application (client) ID", here.

Changes can harm your service!

AppConfig:AuthConfig:ApplicationKey

Linux: AppConfig__AuthConfig__ApplicationKey

The Application Key (client secret value) from your Microsoft Entra ID (Azure AD) App registration. This setting is configured during the setup of a SCEPman 1.x version. SCEPman 2.x usually does not use this setting and instead relies on Managed Identity authentication.

Please do not mix this up with the "Client Secret ID". We need the "Client Secret Value", here.

Changes can harm your service!

AppConfig:AuthConfig:TenantId

Linux: AppConfig__AuthConfig__TenantId

The Microsoft Entra ID (Azure AD) Tenant ID. This setting is automatically configured during the setup.

Changes can harm your service!

AppConfig:AuthConfig:HomeTenantId

Linux: AppConfig__AuthConfig__HomeTenantId

When running SCEPman in a different tenant than Intune, this specifies the ID of the tenant hosting the SCEPman Azure resource, while AppConfig:AuthConfig:TenantId specifies the tenant of Intune. In this case, you cannot use the more convenient authentication based on Managed Identities, but must use authentication using an Azure App Registration and a Client Secret.

Changes can harm your service!

AppConfig:AuthConfig:HomeApplicationId

Linux: AppConfig__AuthConfig__HomeApplicationId

This setting is only used for situations where SCEPman runs in a different tenant than Intune. The HomeApplicationId specifies the application ID of your scepman-api app registration in the tenant where the SCEPman and Certificate Master App Services run. AppConfig:AuthConfig:ApplicationId and AppConfig:AuthConfig:ApplicationKey specify the application ID and Client Secret Value, respectively, of the app registration in the tenant where Intune runs.

Please do not mix this up with the "Client Secret ID". We need the "Application (client) ID", here.

Changes can harm your service!

AppConfig:AuthConfig:ManagedIdentityEnabledOnUnixTime

Linux: AppConfig__AuthConfig__ManagedIdentityEnabledOnUnixTime

The time, as a Unix epoch timestamp, when the required permissions were granted to the Managed Identity. SCEPman acquires a token using the Managed Identity only after a short delay (60 seconds in SCEPman 2.0) after this time, because only then do the roles in the token reflect the correct permissions added by the cmdlet. The tokens are cached for 24 hours with no way to force refresh the cache, so if you added a permission after SCEPman has acquired a token, you need to wait up to 24 hours until SCEPman can use this new permission.

Changes can harm your service!
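The following sanity check for the settings on this page is an added example, not SCEPman code. It flags a GUID-shaped ApplicationKey (likely a Client Secret ID pasted by mistake), missing app registration values in a split-tenancy setup, and computes the latest time by which a Managed Identity permission becomes usable. The function names, finding texts, and placeholder GUIDs are assumptions made for illustration.

```python
import uuid
from datetime import datetime, timedelta, timezone

PREFIX = "AppConfig:AuthConfig:"
MI_DELAY = timedelta(seconds=60)   # delay this page states for SCEPman 2.0
TOKEN_CACHE = timedelta(hours=24)  # token cache lifetime this page states

# Constructed sample: Linux-style names, placeholder GUIDs, split-tenancy setup.
SAMPLE = {
    "AppConfig__AuthConfig__TenantId": "11111111-1111-1111-1111-111111111111",
    "AppConfig__AuthConfig__HomeTenantId": "22222222-2222-2222-2222-222222222222",
    "AppConfig__AuthConfig__ApplicationId": "33333333-3333-3333-3333-333333333333",
    "AppConfig__AuthConfig__ApplicationKey": "44444444-4444-4444-4444-444444444444",
}

def is_guid(value):
    """True only for the canonical hyphenated GUID form the Azure portal shows."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False

def check_auth_config(settings):
    """Return findings for the AuthConfig settings; accepts ':' or '__' names."""
    cfg = {k.replace("__", ":")[len(PREFIX):]: v.strip() for k, v in settings.items()
           if k.replace("__", ":").startswith(PREFIX)}
    findings = []
    for name in ("ApplicationId", "TenantId", "HomeTenantId", "HomeApplicationId"):
        if name in cfg and not is_guid(cfg[name]):
            findings.append(f"{name}: not a GUID")
    # Assumption: a Client Secret ID is GUID-shaped, a Client Secret Value is not.
    if is_guid(cfg.get("ApplicationKey", "")):
        findings.append("ApplicationKey: looks like a Client Secret ID")
    # Split tenancy: Managed Identity is unavailable, so both values are needed.
    home = cfg.get("HomeTenantId")
    if home and home.lower() != cfg.get("TenantId", "").lower():
        findings += [f"{n}: required for split tenancy"
                     for n in ("ApplicationId", "ApplicationKey") if not cfg.get(n)]
    return findings

def permission_usable_by(enabled_on_unix_time, granted_unix_time):
    """Latest UTC time by which a Managed Identity permission becomes usable."""
    enabled = datetime.fromtimestamp(int(enabled_on_unix_time), tz=timezone.utc)
    granted = datetime.fromtimestamp(int(granted_unix_time), tz=timezone.utc)
    if granted <= enabled:
        return enabled + MI_DELAY   # reflected in the first token acquired
    return granted + TOKEN_CACHE    # a cached token may predate the grant
```

`check_auth_config(SAMPLE)` reports the GUID-shaped ApplicationKey; `permission_usable_by` returns a worst-case bound based on the 60-second delay and 24-hour cache described above.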