Meraki enterprise with local auth + SCEPman + AAD
Hey guys,
I'm attempting to set up certificate-based authentication using the SCEPman CA, and Meraki local auth. I haven't been able to find a guide specifically using SCEPman. Has anyone accomplished this and would be willing to share how they did it?
Thanks!
We are using SCEPman in our org. However, we don't use the local auth on the Meraki side, but we are using Radius-as-a-service in combination with SCEPman. So the APs can do RADIUS to the service, which in turn trusts the certs signed by SCEPman.
This has been working fine for over a year now.
I'm pretty sure it's as simple as setting up SCEPman following their decent documentation. After that, you can simply enable the 'RADIUS local auth' option, choose certificate-based authentication, tick a couple more boxes and then upload SCEPman's Root CA certificate in PEM format.
Then configure your endpoints to connect to that wifi network using certificate-based authentication.
@GIdenJoe's setup is more comprehensive, as it also uses a cloud-based RADIUS service that you could use for a load of other stuff, but what I've suggested is very simple and apparently works well for simple and secure wifi access. I will be looking to implement something similar before long, so I can retire our internal NPS server.
I've had this implemented for a while now. Curious to hear what other things you are using SCEPman certs for 👀
All working ok for you?
We've not even onboarded SCEPman yet, so we're still using on-premise Microsoft Root CA with NPS and GPO settings to deploy wifi securely. Just like everyone else though, we're looking to offload as much as possible to O365/Intune to remove dependency on on-premise.
