The Kandji Team

SCEP Profiles

AUTHOR: The Kandji Team

 ㅤ   A SCEP (Simple Certificate Enrollment Protocol) profile enables over-the-air delivery of certificates. This allows you to easily leverage device certificates for services such as:

  • Network Access

  • VPN

  • Marking a trusted device using an Identity Provider

Over-the-air delivery creates a seamless experience for your end users. For example, whenever an employee enters a company building, they can automatically connect to Wi-Fi without having to enter a password.

SCEP profile kandji apple mdm.png

One of the challenges with these certificates, however, is that best practices require certificates to expire and be reissued. That way, if an employee’s device is compromised, no one else has untapered access to sensitive information. It’s not safe to simply provide a device with a certificate that never expires, but it can be complicated to reissue. To solve this challenge, the Kandji team took a unique approach to the SCEP Profile by including automatic profile redistribution.

scep automatic profile redistribution.png

This gives you the best of both worlds – you can keep your information secure without the friction of manually reissuing certificates. For more information, visit the SCEP Profiles Knowledge Base article.