Manualshelf

Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances
191192193194195196197198199200
192 | Onboard Dell Networking W-ClearPass Guest 6.5.0 | User Guide
Field Description
ADCS Template (Required) If Active Directory Certificate Services was chosen in the Signer field,
enter the name of the template to use when requesting the certificate. If the name
is not known, you can use the default name of "user".
Key Type (Required) Specifies the type of private key that should be created when issuing a
new certificate. You can select one of these options:
l 1024-bit RSA created by server: Lower security.
l 1024-bit RSA created by device: Lower security. Uses SCEP to provision the
EAP-TLS certificate.
l 2048-bit RSA created by server: Recommended for general use.
l 2048-bit RSA created by device: Recommended for general use. Uses SCEP
to provision the EAP-TLS certificate.
l 4096-bit RSA created by server: Higher security.
l X9.62/SECG curve over a 256 bit prime field - created by server
l NIST/SECG curve over a 384 bit prime field - created by server
See Note below this table.
Unique Device Credentials Includes the username as a prefix in the device's PEAP credentials.
Using a private key containing more bits will increase security, but will also increase the processing time required to
create the certificate and authenticate the device. The additional processing required will also affect the battery life
of a mobile device. It is recommended to use the smallest private key size that is feasible for your organization. The
“created by device options use SCEP to provision the EAP-TLS device certificate, so the private key is known only to
the device rather than also known by the user. When a “created by device option is selected, the generated key is
used instead of a username/password authentication defined in Network Settings.
Field Description
Authorization Method Authorization method for devices. Options include AppAuth and RADIUS.
Configuration Profile Configuration profile to provision to devices. All configuration profiles that have
been created are included in this list. A configuration profile specifies an
application set, Exchange ActiveSync settings, network settings, passcode policy,
VPN, and other settings. For more information, see "Onboard Configuration" on
page 141.
Maximum Devices Enter a number to limit the maximum number of devices that each user may
provision. To be enrolled, a device must have a currently valid certificate, and its
status set to Allowed (at Onboard > Management and Control > View by
Device).
Table 33: Device Provisioning Settings, General Tab, Authorization Area