
Error while Issuing a Client Certificate via Delegated SCEP

Multi-Factor Authentication
Okta Identity Engine

Overview

The following error occurred while using the delegated Simple Certificate Enrollment Protocol (SCEP) to issue a client certificate:

Insufficient privileges to complete the operation.


Applies To

  • Okta Identity Engine (OIE)
  • Microsoft Endpoint Manager
  • Azure Active Directory

Cause

The app registration in Azure Active Directory is missing the required application permissions.

Solution

Set the Intune scep_challenge_provider permissions:

  1. Select Azure Active Directory > App registrations.

  2. Click + Add a permission.

  3. In the Request API permissions section, scroll down and then click Intune.

  4. Under What type of permissions does your application require?, click on Application permissions.

  5. In the Select permissions search field, enter scep, and then select the scep_challenge_provider checkbox.

  6. Click Add permissions.

  7. In the Configured permissions section, click ✔ Grant admin consent for <Tenant_Name>.

  8. Click Yes in the message that appears.
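
One way to confirm the outcome of the steps above is to compare what the app registration requests with what has actually been consented. This is an added example, not Okta's or Microsoft's code. It assumes the three JSON objects were exported from Microsoft Graph (the application, the Intune servicePrincipal, and the app's appRoleAssignments); the function name and all GUIDs are constructed placeholders.

```python
# Added example; every GUID below is a constructed placeholder, not a real tenant value.
ROLE_NAME = "scep_challenge_provider"  # permission named in the steps above

def scep_permission_state(application, intune_sp, assignments):
    """Return 'granted', 'consent_missing' or 'not_configured'.

    application -- Graph application object of the app registration
    intune_sp   -- Graph servicePrincipal object of the Intune API
    assignments -- appRoleAssignments collection of the app's service principal
    """
    # Resolve the role id by name instead of hard-coding a GUID.
    role_ids = {r["id"] for r in intune_sp.get("appRoles", [])
                if r.get("value") == ROLE_NAME
                and "Application" in r.get("allowedMemberTypes", [])}
    if not role_ids:
        raise ValueError(f"{ROLE_NAME} is not exposed by this resource")

    # Steps 1-6: the permission is listed on the app registration as type "Role".
    configured = any(
        acc.get("type") == "Role" and acc.get("id") in role_ids
        for rra in application.get("requiredResourceAccess", [])
        if rra.get("resourceAppId") == intune_sp["appId"]
        for acc in rra.get("resourceAccess", []))

    # Steps 7-8: admin consent shows up as an app role assignment.
    granted = any(
        a.get("resourceId") == intune_sp["id"] and a.get("appRoleId") in role_ids
        for a in assignments.get("value", []))

    if granted:
        return "granted"
    return "consent_missing" if configured else "not_configured"

# Constructed sample data (placeholder GUIDs).
ROLE_ID = "33333333-3333-3333-3333-333333333333"
INTUNE_SP = {"id": "11111111-1111-1111-1111-111111111111",
             "appId": "22222222-2222-2222-2222-222222222222",
             "appRoles": [{"id": ROLE_ID, "value": ROLE_NAME,
                           "allowedMemberTypes": ["Application"]}]}
APP = {"requiredResourceAccess": [{
    "resourceAppId": INTUNE_SP["appId"],
    "resourceAccess": [{"id": ROLE_ID, "type": "Role"}]}]}
NO_CONSENT = {"value": []}
CONSENTED = {"value": [{"resourceId": INTUNE_SP["id"], "appRoleId": ROLE_ID}]}

if __name__ == "__main__":
    print(scep_permission_state(APP, INTUNE_SP, NO_CONSENT))
    print(scep_permission_state(APP, INTUNE_SP, CONSENTED))
```

A result of `consent_missing` means the permission was added but Grant admin consent was never completed.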

