https://community.cisco.com/t5/wireless/meraki-enterprise-with-local-auth-scepman-aad/m-p/5517807#M306914 <P>i've had this implemented for a while now. Curious to hear what other things you are using SCEPman certs for <SPAN class="lia-unicode-emoji" title=":eyes:"><span class="lia-unicode-emoji" title=":eyes:">👀</span></SPAN></P> Tue, 04 Mar 2025 13:27:17 GMT Kyote 2025-03-04T13:27:17Z https://community.cisco.com/t5/wireless/meraki-enterprise-with-local-auth-scepman-aad/m-p/5517804#M306911 <P>Hey guys,<BR /><BR />I'm attempting to set up certificate-based authentication using the SCEPman CA, and Meraki local auth. I haven't been able to find a guide specifically using SCEPman. Has anyone accomplished this and would be willing to share how they did it?<BR /><BR />Thanks!</P> Tue, 26 Nov 2024 14:16:40 GMT https://community.cisco.com/t5/wireless/meraki-enterprise-with-local-auth-scepman-aad/m-p/5517804#M306911 Kyote 2024-11-26T14:16:40Z https://community.cisco.com/t5/wireless/meraki-enterprise-with-local-auth-scepman-aad/m-p/5517805#M306912 <P>We are using SCEPman in our org. However we don't use the local auth on the Meraki side but we are using Radius-as-a-service in combination with SCEPman. So the AP's can do radius to the service which in turn trusts the certs signed by SCEPman.<BR /><BR />This has been working fine for over a year now.</P> Tue, 26 Nov 2024 19:00:44 GMT https://community.cisco.com/t5/wireless/meraki-enterprise-with-local-auth-scepman-aad/m-p/5517805#M306912 joey.debra 2024-11-26T19:00:44Z https://community.cisco.com/t5/wireless/meraki-enterprise-with-local-auth-scepman-aad/m-p/5517806#M306913 <P>I'm pretty sure it's as simple as setting up SCEPman following their decent documentation. After that, you can simply enable the 'RADIUS local auth' option, choose certificate based authentication, tick a couple more boxes and then upload SCEPman's Root CA certificate in PEM format.</P><P>Then configure your endpoints to connect to that wifi network using certificate-based authentication.</P><P><A href="https://community.meraki.com/t5/user/viewprofilepage/user-id/15353">@joey.debra</A> 's setup is more comprehensive as it also uses a cloud-based RADIUS service that you could use for a load of other stuff but what I've suggested is very simple and apparently works well for simple and secure wifi access. I will be looking to implement something similar before long, so I can retire our internal NPS server.</P> Tue, 04 Mar 2025 11:16:41 GMT https://community.cisco.com/t5/wireless/meraki-enterprise-with-local-auth-scepman-aad/m-p/5517806#M306913 jameshammy 2025-03-04T11:16:41Z https://community.cisco.com/t5/wireless/meraki-enterprise-with-local-auth-scepman-aad/m-p/5517807#M306914 <P>i've had this implemented for a while now. Curious to hear what other things you are using SCEPman certs for <SPAN class="lia-unicode-emoji" title=":eyes:"><span class="lia-unicode-emoji" title=":eyes:">👀</span></SPAN></P> Tue, 04 Mar 2025 13:27:17 GMT https://community.cisco.com/t5/wireless/meraki-enterprise-with-local-auth-scepman-aad/m-p/5517807#M306914 Kyote 2025-03-04T13:27:17Z https://community.cisco.com/t5/wireless/meraki-enterprise-with-local-auth-scepman-aad/m-p/5517808#M306915 <P>All working ok for you?</P><P>We've not even onboarded SCEPman yet so we're still using on-premise Microsoft Root CA with NPS and GPO settings to deploy wifi securely. Just like everyone else though, we're looking to offload as much as possible to O365/InTune to remove dependency on on-premise.</P> Tue, 04 Mar 2025 13:48:00 GMT https://community.cisco.com/t5/wireless/meraki-enterprise-with-local-auth-scepman-aad/m-p/5517808#M306915 jameshammy 2025-03-04T13:48:00Z