Help Center
14 DAY FREE TRIAL
Search Close Search
Search result for "aa"
View all results

No Search Results

14 DAY FREE TRIAL
  1. Help Center
  2. Managing Android Devices
  3. Network

Category filter

How to set up Wi-Fi for Android devices?

Jump To

Hexnode UEM enables administrators to remotely configure corporate Wi-Fi settings on Android devices. This process automates secure network connectivity, allowing devices to join protected networks without manual user intervention or password disclosure.

Administrative Procedure: Configuring Wi-Fi Policies

  1. Access the Portal: Log in to your Hexnode UEM portal.
  2. Initialize Policy: Navigate to the Policies tab. You may Create a New Policy or select an Existing Policy to modify.
  3. Select Platform: Click on Android.
  4. Locate Network Settings: Navigate to Networks and select Wi-Fi.
  5. Enable Configuration: Click the Configure button to unlock the Wi-Fi settings interface.

General Wi-Fi Settings

Setting Description
Network name (SSID) The Service Set Identifier (SSID) representing the Wi-Fi network name.
Auto-join Enabled by default; allows devices to connect automatically when within range.
Hidden network Enable this if the SSID is not broadcasting.
Security type Select from None, WEP, WPA/WPA2 PSK, or 802.1x EAP.
Password Required for WEP or WPA/WPA2 PSK (Minimum 8 characters).

MAC Randomization Options

Supported on Android 12 and above, this feature enhances privacy by masking the device’s factory MAC address.

  • Persistent: The device maintains the same randomized MAC address unless a factory reset occurs.
  • Non-Persistent: The MAC address changes every time the device connects to the network.
  • Auto: (Android 13+ Enterprise/Profile Owner) The system automatically chooses between Persistent or Non-Persistent.
  • Disable: (Android 13+ Enterprise/Profile Owner) Uses the device’s factory hardware MAC address (XX:XX:XX:XX:XX:XX).

802.1x EAP Authentication Methods

802.1x EAP provides enterprise-grade security. Hexnode supports four primary EAP methods for Android devices.

1. PEAP (Protected Extensible Authentication Protocol)

PEAP encapsulates EAP within an encrypted TLS tunnel for secure credential transmission.

  1. Phase 2 Authentication: Select None, PAP, MSCHAP, MSCHAPv2 (default), or GTC.
  2. Identity: The username for authentication (supports %username% wildcard).
  3. Outer Identity: A pseudo-identity sent initially to conceal the user’s real identity.
  4. Password: The credential associated with the Identity field.

2. TLS (Transport Layer Security)

EAP-TLS uses certificate-based authentication and is supported on Android 6.0+ with Device Owner privileges.

  1. Identity: The authentication username (supports %username% wildcard).
  2. CA Certificate: Choose the certificate for server validation (must be uploaded via Security > Certificates first).
  3. User Certificate: Choose the client-side certificate for device authentication.

3. TTLS and PWD

These methods allow for secure tunneled authentication (TTLS) or password-based authentication (PWD).

  1. Identity: The authentication username (supports %username% wildcard).
  2. Password: The credential associated with the Identity field.

Configuring Wi-Fi settings for Android devices via Hexnode

Deployment: Pushing Wi-Fi Configurations

After configuring the Wi-Fi settings, the policy must be assigned to the target entities.

Method A: For New Policies

  1. Navigate to the Policy Targets tab within the policy editor.
  2. Click + Add Devices (or select Device Groups, Users, User Groups, or Domains).
  3. Select the targets and click OK.
  4. Click Save.

Method B: For Existing Policies

  1. In the Policies tab, check the box next to the desired policy.
  2. Go to Manage > Associate Targets.
  3. Select the devices/groups and click Associate.

Device-End Behavior and Technical Notes

  • User Experience: Pushed Wi-Fi networks appear in the Policies section of the Hexnode app. Users connect automatically without entering passwords.
  • Android 10 Limitations: Devices enrolled as Device Admin will not save WEP security profiles. Pushed configurations may not appear in the standard “Saved Networks” list.
  • Connection Prompts (Android 10+): On Device Admin enrolled devices, the first association shows an “Allow Suggested Wi-Fi networks” prompt. Users must click Allow for the policy to function.

    Suggested Wi-Fi network prompt.

  • Notification Permissions: If the Hexnode app lacks notification access, a manual prompt will appear in the status bar to connect. If declined, subsequent configurations will not be saved.
  • QR Code Enrollment: For Android 7+ Device Owner mode, Wi-Fi can be pre-configured in the enrollment QR code via Admin > Android Enterprise > Device Owner Settings.
  • Policy Removal: If a Wi-Fi configuration is removed, the device remains connected to the current network until a different mobile or Wi-Fi network becomes available.

Frequent Asked Questions

1. Is it possible to deploy multiple Wi-Fi networks using a single policy?

Yes. Multiple Wi-Fi configurations can be managed within a single policy by clicking the + Add more button. This enables the simultaneous deployment of various SSIDs and security parameters for different branch offices or guest access points.

2. Which certificate formats are compatible with EAP-TLS authentication?

For certificate-based authentication, standard formats such as .cer, .crt, and .pfx are supported.

4. How is a connection handled if the SSID name (Network Name) changes?

Android identifies Wi-Fi networks strictly by their SSID. If the corporate network name changes, the existing policy must be updated with the new Network name (SSID). Hexnode will push this as a new profile. The old profile will remain until the policy is updated or replaced, which might result in the device attempting to connect to a non-existent network unless the old configuration is removed from the portal.

Need more help?
Image of Raise a Ticket Raise a Ticket
Image of Ask Community Ask Community
Image of Chat With us Chat With us
Managing Android Devices