User Authentication for iOS on Microsoft Intune

GlobalProtect™ with Microsoft Intune supports certificate-based (SCEP only) and SAML authentication. If you are using SAML authentication, you can skip to the next step, Configure GlobalProtect Settings on iOS Devices via Microsoft Intune.
SAML authentication isn’t supported for the Always-On connect method.
If you want to use certificate-based authentication, create a SCEP certificate profile by following the steps below.
  1. On the Microsoft Intune admin center, navigate to Devices > iOS/iPadOS devices > Configuration.
  2. Click Create > New Policy.
  3. Set the Profile type to Templates and select SCEP Certificate as the template name.
  4. Click Create.
  5. Enter a name and description and click Next.
  6. In the Configuration settings tab, select a type depending on how you plan to use the certificate profile:
    • User: User certificates can contain both user and device attributes in the subject and SAN of the certificate.
    • Device: Device certificates can only contain device attributes in the subject and SAN of the certificate.
  7. Enter Subject alternative name attributes and values for the profile. You can enter more than one subject alternative name. The text value can contain variables and static text for the attributes.
  8. Enter the Certificate validity period. Intune supports a validity period of up to 24 months.
  9. Select key usage options for the certificate:
    • Digital signature: Allow key exchange only when a digital signature helps protect the key.
    • Key encipherment: Allow key exchange only when the key is encrypted.
  10. Select the number of bits contained in the key.
  11. Select the trusted Root Certificate profile you previously configured and assigned to applicable users and devices for this SCEP certificate profile. The trusted certificate profile is used to provision users and devices with the Trusted Root CA certificate.
  12. Add Extended key usage values for the certificate's intended purpose.
  13. Click Next.
  14. Add user assignments and click Next.
  15. Review the certificate details and click Create.
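
To confirm that a certificate issued through this profile matches what was configured in steps 7 to 12, the following added example (not part of the original documentation) audits a PEM certificate with the openssl CLI. The function names, the 730-day approximation of 24 months, the 2048-bit minimum and the Client Authentication EKU are assumptions, and the sample certificate is constructed for testing.

```shell
#!/bin/sh
# Added example: audit a client certificate against the SCEP profile settings.
# Function names and thresholds are assumptions, not Intune or GlobalProtect values.

# make_sample_cert OUT_PEM DAYS: constructed self-signed test certificate
# (its private key is written beside it as OUT_PEM.key).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -days "$2" -subj '/CN=constructed-test-user' \
        -addext 'keyUsage=digitalSignature,keyEncipherment' \
        -addext 'extendedKeyUsage=clientAuth' \
        -addext 'subjectAltName=email:test.user@example.com' 2>/dev/null
}

# check_cert CERT_PEM MAX_DAYS MIN_BITS: prints one line per failed check,
# returns 0 only when every check passes.
check_cert() {
    cert=$1 max_days=$2 min_bits=$3 rc=0
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) \
        || { echo "FAIL: cannot parse $cert"; return 2; }
    # Step 7: a subject alternative name must be present.
    printf '%s\n' "$text" | grep -q 'X509v3 Subject Alternative Name' \
        || { echo "FAIL: no subject alternative name"; rc=1; }
    # Step 9: both key usage options offered by the profile.
    ku=$(printf '%s\n' "$text" | grep -A1 'X509v3 Key Usage' | tail -n 1)
    for want in 'Digital Signature' 'Key Encipherment'; do
        case $ku in
            *"$want"*) ;;
            *) echo "FAIL: key usage lacks $want"; rc=1 ;;
        esac
    done
    # Step 10: key size in bits.
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    [ "${bits:-0}" -ge "$min_bits" ] \
        || { echo "FAIL: key is ${bits:-0} bits, want at least $min_bits"; rc=1; }
    # Step 12: EKU. Client Authentication is an assumption for VPN client certs.
    printf '%s\n' "$text" | grep -q 'TLS Web Client Authentication' \
        || { echo "FAIL: Client Authentication EKU missing"; rc=1; }
    # Step 8: not expired, and not valid beyond MAX_DAYS from now.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null \
        || { echo "FAIL: certificate has expired"; rc=1; }
    if openssl x509 -in "$cert" -noout -checkend $((max_days * 86400)) >/dev/null; then
        echo "FAIL: expires more than $max_days days from now"; rc=1
    fi
    return $rc
}

# Usage: sh audit.sh client.pem   (730 days approximates the 24-month limit)
if [ $# -gt 0 ]; then check_cert "$1" 730 2048; fi
```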