Best Way to configure cert based WIFI with WPA-Enterprise using the Microsoft Entra ID

UPENDRA8297
Comes here often


Hello Everyone,

I am exploring the implementation of certificate-based WiFi authentication in our organization. I've reviewed various documents on the Meraki portal, but the many different scenarios presented have created some confusion. We use Microsoft Entra ID for user authentication. Given this, I would appreciate your guidance on the best practices for setting up certificate-based WiFi using Entra ID instead of RADIUS. Since I am new to Meraki, I am seeking suggestions from the community.

Thanks,
Upendra

Mloraditch
Kind of a big deal

Access Manager, which is currently in preview, would be the only built-in way to do this without setting up RADIUS:

https://documentation.meraki.com/Access_Manager

It's currently only available on some shards and will require some level of licensing once it's fully released.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
alemabrahao
Kind of a big deal

Take a look at this.

How to configure Microsoft Entra certificate-based authentication - Microsoft Entra ID | Microsoft L...

Certificate-based Wi-Fi authentication with Systems Manager and Meraki APs - Cisco Meraki Documentat...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal

It's quite a complex answer, because it depends on what you have.

 

If you use Intune and subscribe to CloudPKI, then you can use that to deploy certificates onto your machines. You can then follow this thread to enable it.

https://community.meraki.com/t5/Wireless/Azure-Cloud-PKI-is-now-released-how-do-we-hook-Meraki-AP-to...

 

If you already have an MDM but you don't have the above licences, you could consider using Meraki Trusted Access.

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Trusted_Access_for_Se...

 

If you don't have any MDM, then you could consider using Meraki Systems Manager with its certificate-based enrollment system.

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Certificate-based_Wi-...

You could also consider using Meraki Sentry in combination with the above.

https://documentation.meraki.com/SM/Deployment_Guides/Systems_Manager_Sentry_Overview

 

 

Because of all the options, it might be a good idea to engage with a Cisco Meraki partner to narrow down the options.

 
