Configure Wi-Fi Settings to connect the devices to a corporate network. Hexnode allows the admin to configure Wi-Fi remotely via policy and push the configured policy to the device to set up network configurations over-the-air. This allows the end-users to connect to the network without entering a password. This functionality is available on all pricing plans.
Configuring Wi-Fi settings via policy
To configure Wi-Fi settings via policy,
- Login to your Hexnode MDM portal.
- Navigate to Policies > New Policy. Assign a suitable name and description (optional) for the policy. You can also choose to continue with an existing policy.
- Go to iOS > Network > Wi-Fi. Click Configure.
You can add as many WiFi networks by clicking on + Add more button.
|Service Set Identifier||Service Set Identifier (SSID) denotes the name of the Wi-Fi network.|
|Auto Join||Allow the device to automatically connect to the Wi-Fi network when the device enters the network’s service area. Enabled by default.|
|Hidden Network||Allow users to connect to a WiFi network which is hidden, the one whose SSID is not broadcasting. By default, connecting to hidden networks is disabled.|
|Security Type||There are seven options to choose from – None, WEP, WPA/WPA2, Any (personal), WEP Enterprise, WPA/WPA2 Enterprise and Any Enterprise. The rest of the WiFi network configuration depends on the security type. Any (personal) is set as the default security type.|
|Proxy||Set proxy, the available methods are None (default), Manual and Automatic.|
Configuring Network Security Types
- None:By choosing None, you are trying to connect to an open Wi-Fi network. So, there isn’t anything else to configure.
- WEP, WPA/WPA2 or Any (personal): For these security types, the user should enter a password to connect to the network.
- WEP Enterprise, WPA/WPA2 Enterprise or Any Enterprise: Set up the below options to connect to a network which is protected by any of these Enterprise security types:
|Accepted EAP types||Select all applicable Extensible Authentication Protocols (EAPs). Available EAP types are TLS, LEAP, EAP-FAST, TTLS, PEAP, EAP-SIM. TTLS will be accepted by default, others are not.|
(Works only if EAP-FAST is enabled)
|Use Protected Access Credentials (PAC), which is stored on the device to show that the authentication is successful. Enable this option to use an existing PAC. Used by default if EAP-FAST is accepted.|
(Editable if PAC is used)
|Check this option to use PAC successfully. Used by default if EAP-FAST is accepted.|
|Provision PAC Anonymously
(Option available if PAC is provisioned)
|Provision PAC without authenticating with the server. Disabled by default.|
(Shown only if TTLS is accepted)
|Select from the list of authentication processes like PAP (default), CHAP, MSCHAP, MSCHAPv2. PAP, CHAP and MSCHAP (v1 and v2) are all peer-to-peer connection methods. Passwords are transferred as a plain text in PAP, whereas a hash function is applied on the password with a random number in the case of CHAP, and both the random number and the result of hash is sent in CHAP. MSCHAP is Microsoft’s own variant of CHAP. The second version of MSCHAP (MSCHAPv2) support mutual authentication.|
|Username||Username provided by the Enterprise to connect to its network.|
|Use per connection password||Per-connection password is one which is used to connect to a WiFi network and discarded once the connection is made. If this option is checked, the user needs to enter the password every time he tries connecting the device. Disabled by default.|
(Can be set if per connection password is disabled)
|The password to join the WiFi network.|
|Identity certificate||Upload Simple Certificate Enrollment Protocol (SCEP) or Public Key Cryptography Standards (PKCS) certificate profiles in Policies > select an existing policy or create a new one > iOS > Security > Certificates > Add Certificates, and they’ll be displayed in the ‘Identity certificate’ field. You can select one from the list.|
|Outer identity||The username for the secure tunnel for passing the username and password.|
Proxy server act as an intermediary between the device and internet, so the devices can be secured from attacks. To start with, choose the proxy setup type.
- None: If you don’t want to use a proxy server, then select this option.
- Manual: To set up proxy manually, provide the below details:
- Server – The server name or IP address of the proxy server.
- Port – Port number of the proxy server.
- Authentication – Username to get authenticated with the proxy server.
- Password – Password required to authenticate to the proxy server.
- Automatic: If you are using a proxy server but don’t prefer to set it up manually, just provide the proxy server URL and Hexnode MDM will configure the rest for you.
Associate the policy to devices/groups
If the policy has not been saved,
- Navigate to Policy Targets > +Add Devices.
- Choose the target devices and click OK. Click Save.
- You can also associate the policy to device groups, users, user groups or domains from the left pane of the Policy Targets tab.
If the policy has been saved,
- Go to Policies tab and choose the desired policy.
- Click on Manage drop-down and select Associate Targets.
- Choose the target entities and click Associate.