Search…
Welcome
Details
Editions
SCEPMAN Deployment
Getting Started
Azure Sizing
Permissions
V1.x: Azure App Registration
🆕
V2.x: Managed Identities
Deployment Options
Root Certificate
Architecture
Device Directories
Certificate Deployment
Microsoft Intune
Jamf
🆕
Certificate Master
Other
Advanced Configuration
Application Artifacts
Application Insights
Application Settings
Autoscaling
Certificate Master Settings
Custom Domain
Geo-redundancy
Health Check
Intermediate Certificate
License Key
Log configuration
Update Strategy
NAC Configuration
Network Access Controllers
Other
Troubleshooting
Important Links
Changelog
Licensing
Support
SCEPman Website
Powered By GitBook
V1.x: Azure App Registration
Only the 1.x versions require an Azure App Registration. SCEPman 2.x still supports it, but we recommend using Managed Identities.
SCEPman needs to interact with your Azure Active Directory and Intune endpoints to provide the certificate and OCSP validation of users and devices. To provide the necessary permissions to SCEPman you need to create an App Registration within your tenant.

Generate App Registration (get Application ID)

  1. 1.
    Login in to Azure Portal
  2. 2.
    Navigate to Azure Active Directory
  3. 3.
    Click App registrations
4. Click New registration and enter a name, i.e. SCEPman. For supported account type choose Accounts in this organizational directory only and click register.
5. You may copy the Application (client) ID now. The ID is important and will be needed later by SCEPman deployment.

Generate Secret (get Client Secret Value)

1. Stay within App registrations and click on Certificates & secrets
2. Click New client secret, add a description and choose the expiration. We recommend 24 months, this helps to provide an ongoing service for two years. You can revoke a secret at any time. Click Add
3. Copy the secret value and copy it down in a secure place.
Please do not mix it up with the "Client Secret ID". We need the "Client Secret Value", here.
Copy the client secret value **** immediately. You will not be able to retrieve it after you leave this submenu.

Configure Permissions

Stay within App Registrations and click on API permissions
  1. 1.
    Remove the default User Read permission
2. Click on Add a permission and choose Microsoft Graph. When chosen, select Application permissions and search for directory. Add Directory.ReadAll as permission.
3. Now click on Add a permission and choose Intune. When chosen, select Application permissions and search for scep. Add scep_challenge_provider as a permission
4. Finally click on Grant admin consent and confirm the consent for the given app registration.
5. After successfully granting the permissions you should see green status for each permission.
The app registration is done.
SCEPMAN Deployment - Previous
Permissions
Next
V2.x: Managed Identities
Last modified 1mo ago
Copy link
Edit on GitHub
Contents
Generate App Registration (get Application ID)
Generate Secret (get Client Secret Value)
Configure Permissions