As an admin, use this page to configure settings for SCEP certificate enrollment on iOS devices. Select SCEP settings to retrieve a SCEP certificate instead of a self-signed enrollment certificate.
The path to the Automated Enrollment page on the UEM console is Groups & Settings > All Settings > Device & Users > Apple > SCEP.
What can you do with the Apple SCEP settings page?
With the Apple SCEP page, you can:
- Configure SCEP certificate settings.
Determine your Organization group hierarchy
Before you review and modify the settings, understand the two types of inheritance/override options for the organization group hierarchy available at the top and bottom of the settings page and determine your choice. For more information about these settings, see
Override Versus Inherit Setting for Organization Groups.
- Current Setting – Select whether to Inherit or Override the displayed settings. Inherit means use the settings of the current organization group's parent OG, while Override enables the settings for editing so you can modify the current OG's settings directly.
- Child Permission – Select the available behavior of child organization groups that exist below the currently selected organization group. Inherit only means child OGs are only allowed to inherit these settings. Override only means they override the settings, and Inherit or Override means you can choose to inherit or override settings in child OGs that exist below the currently selected OG.
Enter the SCEP settings in Apple SCEP settings page.
| Setting | Description |
|---|---|
| Use in Enrollment | Select this checkbox to retrieve a SCEP certificate during enrollment instead of a regular enrollment certificate. |
| SCEP Certificate Authority | Select the certificate. If one is not available, go to and follow the prompts to add a certificate. |
| SCEP Certificate Template | Select the certificate template. If one is not available, go to and follow the prompts to add a certificate template. |
