Hexnode lets admins securely configure Wi-Fi networks remotely from the MDM console, so that devices connect to the network directly without anyone entering a password.
Set up Wi-Fi network via policy
To configure Wi-Fi networks remotely via policy,
- Log in to your Hexnode MDM portal.
- Navigate to Policies > New Policy. Assign a suitable name and description (optional) for the policy. You can also choose to continue with an existing policy.
- Go to macOS > Network > Wi-Fi. Click Configure.
| Setting | Description |
|---|---|
| Service Set Identifier | The name of the Wi-Fi network, abbreviated as SSID. |
| Auto join | The devices automatically connect to the network configured here when they come within range of it. Enabled by default. |
| Hidden network | Specifies whether the configured Wi-Fi network is hidden or not. By default, connection to a hidden network is restricted. |
| Security type | Select a security type and configure the remaining options accordingly. The available security types are: None, WEP, WPA/WPA2, Any (Personal), WEP Enterprise, WPA/WPA2 Enterprise, Any (Enterprise). |
‘None’ specifies that no security type has been set for the Wi-Fi network, which leaves the devices exposed. If WEP, WPA/WPA2, or Any (Personal) is selected instead, the admin should enter a valid password so that the devices can connect to the network automatically.
Alternatively, to set up an enterprise network, additional settings should be configured as mentioned below:
Configuration for WEP Enterprise, WPA/WPA2 Enterprise and Any (Enterprise) Network Security Types
| Setting | Description |
|---|---|
| Accepted EAP types | Select the authentication framework for your enterprise network. The available options are TLS, LEAP, EAP-FAST, TTLS, PEAP and EAP-SIM. TTLS is enabled by default. |
| (If TTLS is selected) | The available options are PAP (default), CHAP, MSCHAP and MSCHAPv2. PAP is the least secure one: it sends the password in plain text. CHAP is more secure than PAP. Instead of plain text, a random number and the result of a hash function (performed on the password) are sent. MSCHAP is another variant of CHAP, introduced by Microsoft. MSCHAP requires mutual authentication. In mutual authentication, data is sent between the device and the server only after the device proves its identity to the server and the server proves its identity back to the device. |
| (Applicable only if EAP-FAST is selected) | Protected Access Credentials (PAC) can be used for Wi-Fi network connections. |
| (If PAC is used) | The server creates a PAC file for a specific user by authenticating with the user’s password. The PAC file can be used to make a connection with the network. |
| Provision PAC Anonymously (If PAC is provisioned) | PAC is provisioned without authenticating with the server. |
| Username | The account name of the user. Use %username% to fetch the data automatically from the MDM console. |
| Use per connection password | The device will prompt for a password every time the user tries to connect to the network. |
| (If Per connection password is not used) | If a password is not required for every connection, then a one-time password can be provided here. |
| Outer identity | The username of the secure tunnel which transfers the authentication credentials. |
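
The following is an added example, not Hexnode's code: a Python check that reads a configuration profile and reports the weak choices described above (security type None, PAP inner authentication, anonymous PAC provisioning). It assumes the policy reaches the Mac as an Apple Wi-Fi payload (`com.apple.wifi.managed`) using Apple's key names; the sample profile and the `audit_wifi_profile` function are constructed for illustration.

```python
import plistlib

# Constructed sample profile (not exported from Hexnode): a single Wi-Fi
# payload using Apple's com.apple.wifi.managed key names.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [{
        "PayloadType": "com.apple.wifi.managed",
        "SSID_STR": "Corp-WiFi",
        "AutoJoin": True,
        "HIDDEN_NETWORK": False,
        "EncryptionType": "WPA2",
        "EAPClientConfiguration": {
            "AcceptEAPTypes": [21, 43],            # 21 = TTLS, 43 = EAP-FAST
            "TTLSInnerAuthentication": "PAP",
            "EAPFASTUsePAC": True,
            "EAPFASTProvisionPAC": True,
            "EAPFASTProvisionPACAnonymously": True,
            "UserName": "jdoe",
            "OuterIdentity": "anonymous",
        },
    }],
})

def audit_wifi_profile(profile_bytes):
    """Return (ssid, finding) tuples for the weak settings the page describes."""
    findings = []
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.wifi.managed":
            continue  # only Wi-Fi payloads are inspected
        ssid = payload.get("SSID_STR", "<no SSID>")
        if payload.get("EncryptionType", "Any") == "None":
            findings.append((ssid, "security type is None"))
        eap = payload.get("EAPClientConfiguration", {})
        eap_types = eap.get("AcceptEAPTypes", [])
        if 21 in eap_types and eap.get("TTLSInnerAuthentication") == "PAP":
            findings.append((ssid, "TTLS inner authentication is PAP (plain-text password)"))
        if 43 in eap_types and eap.get("EAPFASTProvisionPACAnonymously"):
            findings.append((ssid, "PAC is provisioned without authenticating the server"))
    return findings

if __name__ == "__main__":
    for ssid, finding in audit_wifi_profile(SAMPLE_PROFILE):
        print(f"{ssid}: {finding}")
```
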
Setting up Proxy
A proxy server serves as an intermediary between the devices and the internet, which can help secure the devices from external attacks. Three options are available: None, Manual and Automatic.
To skip setting up a proxy server, choose None. To set up a proxy, choose any of the other two options.
Manual Proxy Configuration
If you are setting up the proxy manually, enter the following details:
- Server: The address of the proxy server.
- Port: Port number of the proxy server.
- Authentication: Username to get authenticated to the server.
- Password: Password associated with username provided above.
Automatic Configuration of Proxy Server
Choose this option to have the proxy set up automatically: provide the proxy server URL and Hexnode will take care of the rest.
Associate the configured policy to devices/groups
If the policy has not been saved,
- Navigate to Policy Targets > +Add Devices.
- Choose the target devices and click Ok. Click Save.
- You can also choose to associate the policy with device groups, users, user groups or domains from the left pane of the Policy Targets tab.
If the policy has been saved,
- Go to the Policies tab and choose the desired policy.
- Click the Manage drop-down and select Associate Targets.
- Choose the target entities and click Associate.