Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-7470: How to configure WI-Fi profiles with certificate delivery for enrolled mobile devices

App Access Service ,   App Gateway Service ,  

16 January,18 at 12:12 AM


How can administrators configure Wi-Fi profiles to deliver user or computer certificates to be used for 802.1X authentication for mobile devices?


In a large or smaller organization, administrators may want to implement 802.1X authentication for mobile devices. The mobile device will get a certificate from the CA in network that will allow it to connect to the Wi-Fi network. The following will need to be done:

1. To have the internal CA (Certification Authority) deliver the certificate to the device, the administrator needs to make sure "Active Directory group policy" is being used instead of "Cloud Policy Service" in the Centrify Cloud Manager, under Settings > Mobile > Device Policy Management.

2. Make sure the users are allowed to enroll devices: refer to our documentation.
Please note: These settings apply regardless of whether you use the Centrify cloud policy service or Active Directory group policies to manage device configuration policies:

3. Create the templates:
•     Computer-ClientAuth (workstation template)
•     User-ClientAuth (user template)
Please see following KB article: KB-4283: Creating templates to use certificates for authentication with cloud enrolled devices

4. Create the policy to enroll devices: refer to our documentation: Enabling the enrollment policy to use user and computer certificates

5. Create the policy and attached it to the OU the mobile devices will be in. Please note that the settings depend on how the environment is set:

User-added imageUser-added imageUser-added image

6. Enroll the phone (in this example, an iPhone was enrolled).

7. Check whether the certificate was delivered onto the device. On an iPhone, go to Settings > General > Device Management > Centrify Cloud Service > More Details:

- The Wi-Fi profile and the certificate seen on the device:

User-added imageUser-added image

- The certificate generated by the Certificate Authority seen on the server:

User-added image

For additional information not covered in this guide or troubleshooting assistance, please review Centrify Online Help or visit the Centrify Customer Portal at

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.