From 8827ae45ab25c2c15f2c06d903209e0f9e614d5a Mon Sep 17 00:00:00 2001 From: Marko Lisica <83164494+marko-lisica@users.noreply.github.com> Date: Sat, 3 Jan 2026 20:55:51 +0100 Subject: [PATCH] Update user-scoped certificates section (#37693) Clarify instructions for macOS vs Windows regarding certificate payload scoping and profile upload. --- .../connect-end-user-to-wifi-with-certificate.md | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/articles/connect-end-user-to-wifi-with-certificate.md b/articles/connect-end-user-to-wifi-with-certificate.md index 37162f3238..9207a97a00 100644 --- a/articles/connect-end-user-to-wifi-with-certificate.md +++ b/articles/connect-end-user-to-wifi-with-certificate.md @@ -756,16 +756,9 @@ If an end user is on vacation (offline for more than 30 days), their certificate You can deploy a user scoped certificate on macOS and Windows hosts using a user scoped configuration profile. -1. **Add your CA as before** - Use the above steps to integrate your CA with Fleet. -1. **Create a certificate payload** - Use your preferred tool (e.g., Apple Configurator or a `.mobileconfig` generator) to create a configuration profile that includes your certificate. For Windows, use the [example profile](#example-configuration-profiles) and replace `./Device` with `./User` in all `` elements. -2. **Ensure the payload is scoped to the user** - In the payload, set the `PayloadScope` to `User`. This tells macOS to install the certificate in the user’s login keychain instead of the system keychain. -3. **Upload the configuration profile to Fleet** - Navigate to **Controls > OS settings > Custom settings** in the Fleet UI. Upload the `.mobileconfig` profile you created. -4. **Assign the profile to the correct hosts** - Use Fleet’s targeting filters to assign the profile to the appropriate hosts. The certificate will be installed in the login keychain of the user currently logged in on each device. +1. Follow the instructions above to connect Fleet to your certificate authority (CA). +2. Create a certificate [configuration profile](#example-configuration-profiles). For Windows, replace `./Device` with `./User` in all `` elements. For macOS, set `PayloadScope` to `User`. +3. In Fleet, navigate to **Controls > OS settings > Custom settings** and upload the configuration profile you created. ### Editing ceritificate configuration profiles on Apple (macOS, iOS, iPadOS) hosts