For Windows 10, you can use TEAP with chained machine + user certs (or a mix of cert and legacy cred).
For macOS, I’d recommend just using a machine identity, unless you absolutely need user identity for policy. tim From: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]> Date: Wednesday, October 14, 2020 at 15:15 To: [email protected] <[email protected]> Subject: [WIRELESS-LAN] multi user windows/osx eap tls onboarding For folks who onboard using eap tls. What workflow or solution do you use for multiuser windows/osx devices? We are using securew2 and this onboard process creates cert for that user who onboards the device. Then when another user logs on they can’t connect to wireless because the cert isn’t for that user currently logged on. I can do machine auth via adcs and gpo that out for those but not sure how or what to do with osx multi user Thanks Trent ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C25708c4323aa42f9544608d8707591a9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637382997541534260%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=VVSZQyXmPJsdgD1yHZyxm5q3MCPR%2BLuGaKR5umkeMLs%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
