Category filter
Set up Wi-Fi on ChromeOS devices from Hexnode UEM
This guide will help you set up Wi-Fi on ChromeOS devices using Hexnode UEM.
Managing Wi-Fi connections manually across multiple ChromeOS devices can be time-consuming and prone to user error. Hexnode UEM simplifies this by allowing IT administrators to remotely configure and deploy Wi-Fi settings to all managed devices. Once configured, the devices can automatically connect to the assigned network without needing the users to enter passwords or adjust any settings themselves.
This ensures a secure, consistent, and seamless Wi-Fi experience across the entire fleet of devices.
- Deploying a Wi-Fi policy from the Hexnode UEM portal will override any existing Wi-Fi configurations set via the Google Admin console.
- You can configure multiple Wi-Fi networks within a single policy in Hexnode UEM by clicking the +Add Wi-Fi button.
Setting up Wi-Fi on ChromeOS devices
To configure the Wi-Fi network on ChromeOS devices,
- Log in to the Hexnode UEM portal.
- Navigate to the Policies tab.
- Click the New policy button to create a new blank policy or continue with an existing policy.
- Provide a suitable name and description for the policy in the required fields.
- Select ChromeOS and go to Network > Wi-Fi.
- Click Configure to set up the Wi-Fi network settings.
| Wi-Fi settings | Description |
|---|---|
| Service Set Identifier | The Service Set Identifier (SSID) represents the name of the Wi-Fi network. |
| Hidden SSID | When this option is enabled, the device can connect to Wi-Fi networks that do not broadcast their SSID. These hidden networks will not show up in the list of available networks. |
| Security | Specifies the type of security protocol used by the Wi-Fi network. The available security types include None, WEP, WPA/WPA2, WEP/WPA2 Enterprise, and Dynamic WEP. |
| Password (if Security is WEP or WPA/WPA2) | Provide the password that is used to connect to the Wi-Fi network. |
| Auto-connect | When enabled, the device will automatically connect to the specified Wi-Fi network whenever it is within range, without needing user intervention. |
| User can override IP Configuration | Allows users to override IP configuration settings. |
| User can override DNS configuration | Allows users to override DNS (Name Server) configuration settings. |
| Name Server | Server that handles the translation of domain names into IP addresses using the Domain Name System (DNS). Choose from the available options: Automatic Name Servers, Google Name Servers, or Custom Name Servers. |
| Proxy | A proxy server acts as an intermediary between the device and the internet, offering added security by protecting devices from attacks. Choose from the available options: None, Manual, or Automatic. |
Configuring Security
- None: Selecting None means you’re connecting to an open Wi-Fi network, so no additional setup is needed.
- WEP, WPA/WPA2: For these network types, the administrator only needs to push the network password via Hexnode UEM. Device-end users can then connect without manually entering the password.
- WEP/WPA2 Enterprise, Dynamic WEP: To connect to networks using these Enterprise or Dynamic security protocols, the following settings must be configured:
- Automatic (default) – The system selects the best available authentication method.
- MD5 – Uses a challenge-response mechanism with MD5 hashing for basic password protection, without mutual authentication.
- PAP – Sends your actual username and password in plain text, without any protection or encryption.
- MS-CHAP – Uses your real credentials but hides them by converting the password into a coded form; doesn’t check if the server is legitimate.
- MS-CHAP V2 – Uses your real credentials, protects them better than MS-CHAP, and also checks that the server is genuine.
- GTC: Authentication using token-based credentials or one-time passwords (OTPs).
| Protocols | Description |
|---|---|
| Accepted EAP Types | Select the authentication framework for your enterprise network. The available options are EAP–TLS, PEAP, LEAP, EAP-TTLS, and EAP-PWD. |
| Maximum TLS Version (applicable only if EAP-TLS is selected) | Sets the maximum TLS version of the EAP (Extensible Authentication Protocol). The available versions are 1.0, 1.1, and 1.2. |
| Username (applicable only if EAP-TLS, PEAP, LEAP, EAP-TTLS, or EAP-PWD is selected) | Enter a username provided by the enterprise to connect to its network. The usage of the wildcard %username% is supported. |
| Password (applicable only if PEAP, LEAP, EAP-TTLS, or EAP-PWD is selected) | Enter the password associated with the username entered in the Username field to authenticate with the network. |
| Inner Identity (applicable only if PEAP or EAP-TTLS is selected) | Inner identity is the user’s actual credentials, like a username and password, used to authenticate with the network. The available authentication methods that use inner identity are:
|
| Outer Identity (applicable only if PEAP or EAP-TTLS is selected) | Enter a username to pass through the secure tunnel before passing the original username and password during authentication. |
Configuring Name Server
| Name Server | Description |
|---|---|
| Automatic Name Servers | Choosing this option configures the device to use the DNS servers automatically provided by the current network connection. |
| Google Name Servers | Choosing this option configures the device to use Google’s public DNS servers. |
| Custom Name Servers | Choosing this option lets you manually enter one or more DNS server IP addresses. |
Configuring Proxy
A proxy server acts as a middleman between your device and the internet, masking the client system’s IP address to improve security. There are three options: None, Manual, and Automatic.
- None: If you don’t want to use a proxy server, select this option.
- Manual: Choose this option to manually configure the proxy by entering the following details:
- HTTP Server: Provide the hostname or IP address of the proxy server used to handle HTTP traffic.
- HTTP Port: Specify the port number used by the proxy for HTTP traffic.
- HTTPS Server: Provide the hostname or IP address that manages secure web traffic (HTTPS) connections.
- HTTPS Port: Specify the port number used by the proxy for HTTPS traffic.
- FTP Host: Provide the proxy server address used for handling FTP (File Transfer Protocol) traffic.
- FTP Port: Specify the port number used by the proxy for FTP traffic.
- SOCKS Host: Provide the hostname or IP address of the SOCKS proxy server for routing all types of network traffic.
- SOCKS Port: Specify the port number used by the SOCKS proxy for communication.
- Automatic: If you want to use a proxy server but don’t prefer to set it up manually, just provide the proxy server URL, and Hexnode UEM will configure the rest for you.
How to associate policies with devices/groups?
To associate policy with ChromeOS devices,
- Navigate to Policy Targets > Domains/OUs.
- Click on +Add Domains/OUs. From the list, click the dropdown corresponding to the Google Workspace account integrated with Hexnode UEM.
- The parent OUs will be listed and click the dropdown next to the parent OU to view its child OUs.
- Select the required child OU/parent OU and click OK.
- Click Save to associate the policy with the devices in the selected OU.
What happens at the device end?
Once the policy reaches the device end, the device will automatically connect itself to the network when it enters the range of the configured Wi-Fi, provided Auto-connect is enabled in the Wi-Fi policy configurations in Hexnode.
If Auto-connect is disabled, users can still manually connect to the network as needed. In this case, they won’t be asked to enter the network password; simply selecting the network name from the available Wi-Fi list will establish the connection automatically.
If a proxy server is specified in the policy, the device will use that proxy to access the internet while connected to the configured Wi-Fi network.
If the policy is removed, the Wi-Fi settings will be automatically deleted from the device.
