https://community.cisco.com/t5/network-access-control/macos-on-large-scale/m-p/3851737#M473325 I have been involved in leveraging Airwatch to authenticate iphones and macs at scale. Airwatch is able to provision user certs from AD with scep and push them down along with network connection profiles and trust chain. <BR /><BR />I say user certs because at least last year when I was going this, Airwatch was not hostname aware, it only had a user tied to a device. It works very well doing user cert eap-tls this way. One caveat would be on macbooks though, the user had to select which certificate they wanted to authenticate with if there were multiple. Tue, 07 May 2019 16:24:39 GMT Damien Miller 2019-05-07T16:24:39Z https://community.cisco.com/t5/network-access-control/macos-on-large-scale/m-p/3851347#M473311 <P>Hi Team,</P> <P>&nbsp;</P> <P>Do we have any guidance or Cisco best practices or Cisco guide about configuring DOt1X on large scale enterprise to configure EAP options on MACOS, customer is asking,&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 07 May 2019 08:35:07 GMT https://community.cisco.com/t5/network-access-control/macos-on-large-scale/m-p/3851347#M473311 Sherif El Shourafah 2019-05-07T08:35:07Z https://community.cisco.com/t5/network-access-control/macos-on-large-scale/m-p/3851390#M473320 <P>Please follow this&nbsp;<SPAN><A href="https://rui-qiu.com/casper/802-1x-network-authentication-mac/" target="_blank" rel="nofollow noopener noreferrer">802.1X Network Authentication for Mac</A></SPAN><SPAN>.</SPAN></P> Tue, 07 May 2019 09:33:17 GMT https://community.cisco.com/t5/network-access-control/macos-on-large-scale/m-p/3851390#M473320 Aravind Ravichandran 2019-05-07T09:33:17Z https://community.cisco.com/t5/network-access-control/macos-on-large-scale/m-p/3851737#M473325 I have been involved in leveraging Airwatch to authenticate iphones and macs at scale. Airwatch is able to provision user certs from AD with scep and push them down along with network connection profiles and trust chain. <BR /><BR />I say user certs because at least last year when I was going this, Airwatch was not hostname aware, it only had a user tied to a device. It works very well doing user cert eap-tls this way. One caveat would be on macbooks though, the user had to select which certificate they wanted to authenticate with if there were multiple. Tue, 07 May 2019 16:24:39 GMT https://community.cisco.com/t5/network-access-control/macos-on-large-scale/m-p/3851737#M473325 Damien Miller 2019-05-07T16:24:39Z