---
title: Creating certificate profiles in Intune
description: To complete the configuration, import the certificate authority (CA) root certificate into PingFederate, and configure trusted certificate and SCEP profiles in Intune.
component: intune
page_id: intune:setup:pf_intune_ik_creating_certificate_profiles_in_intune
canonical_url: https://docs.pingidentity.com/integrations/intune/setup/pf_intune_ik_creating_certificate_profiles_in_intune.html
revdate: March 5, 2025
section_ids:
  about-this-task: About this task
  steps: Steps
---

# Creating certificate profiles in Intune

To complete the configuration, import the certificate authority (CA) root certificate into PingFederate, and configure trusted certificate and SCEP profiles in Intune.

## About this task

Learn more about certificate profiles in Intune in the following sections of the Microsoft documentation:

* [Use certificates for authentication in Microsoft Intune](https://learn.microsoft.com/en-us/mem/intune-service/protect/certificates-configure)

* [Create a device profile in Microsoft Intune](https://learn.microsoft.com/en-us/mem/intune-service/configuration/device-profile-create)

## Steps

1. In PingFederate, import the root certificate from your CA into the global trust list. Learn more in [Manage trusted certificate authorities](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_certmanagementtasklet_trustedcas_certmanagementstate.html) in the PingFederate documentation.

2. Sign on to [Microsoft Azure](https://portal.azure.com/#home) as an administrator.

3. Follow the steps in [Create trusted certificate profiles](https://learn.microsoft.com/en-us/mem/intune-service/protect/certificates-configure//) in the Microsoft documentation.

4. Follow the steps in [Create and assign SCEP certificate profiles in Intune](https://learn.microsoft.com/en-us/mem/intune-service/protect/certificates-profile-scep) in the Microsoft documentation, with the following details:

   1. On the **Configuration settings** tab, in the **Certificate type** list, select **User**.

   2. To get the security posture for all of the user's devices, from the **Subject name format** list, select **Common name**. From the **Subject alternative name** list, select **User principal name (UPN)**.

   3. To get the security posture for the user's current device only, from the **Subject name format** list, select **Custom**. In the **Custom** field, modify the value to include `CN={{AAD_Device_ID}}}`.