There looks to be some movement on this - see the comments in https://github.com/Yubico/libfido2/issues/464#issuecomment-1577748167
The long and short of it; is that it looks like SSH now supports this, but you have to provide your own SSH_SK_PROVIDER by compiling libfido2 as detailed in the comments and this gist https://gist.github.com/thelastlin/c45b96cf460919e39ab5807b6d20ac2a - I haven't verified this myself yet...
Post
Replies
Boosts
Views
Activity
My limited understanding is that the best way would be to use a MDM solution.If you're purchasing the iPads - you can buy them from Apple and use DEP to have them automatically connect to a MDM server and configure themselves on firstboot. I believe you can control what options a user sees during the setup assistant- which can include connecting to Wi-FI.The other option would be to let the user perform a BYOD type deployment. So they could take any iPad - connect to Wifi and then signup with your MDM. That could then put the device into Single User ModeA few linkshttps://developer.apple.com/business/documentation/MDM-Protocol-Reference.pdfhttps://developer.apple.com/documentation/devicemanagementThere are a few opensouce MDM solutions and a bunch of paid ones.... I've used MicroMDM - but it's non trivial and depending on your use case might best to pay for the servicehttps://micromdm.ioThe folks in various MDM groups in https://macadmins.herokuapp.com/ are super helpful too.