Configure WiFi settings to have the devices connect to corporate network. All you will be doing is, configuring the network remotely and pushing it over-the-air, so the end-users won’t be having even the slightest idea about the network password. To configure the policy,
- Proceed to Policies.
- Select an existing policy or create a new one.
- Click on iOS Settings.
- Under Network, select WiFi.
- Click on Configure.
You can add as many WiFi networks as you like by clicking on + Add more button.
These are the basic WiFi settings displayed to the admin for configuring WiFi network.
|Service Set Identifier||We don’t want to make it too complex, consider Service Set Identifier (SSID) as the name of a WiFi network.|
|Auto join||The device connects automatically to the network when the device enters the network’s service area. Enabled by default.|
|Hidden network||Allow users to connect to a WiFi network which is hidden, the one whose SSID is not broadcasting. By default, connecting to hidden networks is disabled.|
|Security type||There are seven options to choose from – None, WEP, WPA/WPA2, Any (personal), WEP Enterprise, WPA/WPA2 Enterprise and Any Enterprise. The rest of the WiFi network configuration depends on the security type. Any (personal) is set as the default security type.|
|Proxy||Set proxy, the available methods are None (default), Manual and Automatic. See below to know more about the fields available to set up the proxy.|
Configuring Network Security
By choosing None, you are trying to connect to an open WiFi network. So, there isn’t anything else to configure.
- WEP, WPA/WPA2 or Any (personal)
If you are trying to connect to a WiFi network secured with WEP, WPA/WPA2 or Any (personal), you’ll need to enter the password to connect to the network. In this case, select this security type and enter the password to the password field.
- WEP Enterprise, WPA/WPA2 Enterprise or Any Enterprise
You might need to set up the following options if you want to connect to a network which is protected by any Enterprise security.
|Accepted EAP types||Select all applicable Extensible Authentication Protocols (EAPs). Available EAP types are TLS, LEAP, EAP-FAST, TTLS, PEAP, EAP-SIM. TTLS will be accepted by default, others are not.|
(Works only if EAP-FAST is enabled)
|Use Protected Access Credentials (PAC), which is stored on the device to show that the authentication is successful. Enable this option to use an existing PAC. Used by default if EAP-FAST is accepted.|
(Editable if PAC is used)
|Check this option to use PAC successfully. Used by default if EAP-FAST is accepted.|
|Provision PAC Anonymously
(Option available if PAC is provisioned)
|Provision PAC without authenticating with the server. Disabled by default.|
(Shown only if TTLS is accepted)
|Select from the list of authentication processes like PAP (default), CHAP, MSCHAP, MSCHAPv2. PAP, CHAP and MSCHAP (v1 and v2) are all peer-to-peer connection methods. Passwords are transferred as a plain text in PAP, whereas a hash function is applied on the password with a random number in the case of CHAP, and both the random number and the result of hash is sent in CHAP. MSCHAP is Microsoft’s own variant of CHAP. The second version of MSCHAP (MSCHAPv2) support mutual authentication.|
|Username||Username provided by the Enterprise to connect to its network.|
|Use per connection password||Per-connection password is one which is used to connect to a WiFi network and discarded once the connection is made. If this option is checked, the user needs to enter the password every time he tries connecting the device. Disabled by default.|
(Can be set if per connection password is disabled)
|The password to join the WiFi network.|
|Identity certificate||Upload Simple Certificate Enrollment Protocol (SCEP) or Public Key Cryptography Standards (PKCS) certificate profiles in Policies > select an existing policy or create a new one > iOS > Security > Certificates > Add Certificates, and they’ll be displayed in the ‘Identity certificate’ field. You can select one from the list. More details about the certificates can be found in the certificates help page.|
|Outer identity||The username for the secure tunnel for passing the username and password.|
Proxy server act as an intermediary between the device and internet, so the devices can be secured from attacks. To start with, choose the proxy setup type.
If you don’t want to use a proxy server, then select this option.
To set up proxy manually, provide
- Server – The proxy server name or IP address of the proxy server.
- Port – Port number of the proxy server.
- Authentication – Username to get authenticated with the proxy server.
- Password – Password required to authenticate to the proxy server.
If you are using a proxy server but don’t prefer to set it up manually, just provide the proxy server URL and Hexnode MDM will configure the rest for you.
Push WiFi Network Configuration to iOS
To push WiFi network configuration to a device,
- From Policy Targets tab, click on + Add Devices.
- Search and select all devices to which the configuration needs to the applied.
You can associate the configuration with device groups, users or user groups from Policy Targets.
To associate the policy from the page listing the policies,
- Check the policies that are needed to be associated with a device.
- From Manage, select Associate Targets.
- Select the devices.