Wi-Fi configuration (Android Enterprise work profile policy)
With the Wi-Fi configuration you specify settings for connecting to Wi-Fi networks.
Restriction
If your Wi-Fi network uses Extensible Authentication Protocol (EAP) authentication (EAP/PEAP, EAP/TLS, or EAP/TTLS), it must not be hidden. That is, the network must be broadcasting its SSID.
Setting | Description |
---|---|
SSID | The ID of the Wi-Fi network. |
Security type | The security type of the Wi-Fi connection:
When you select WEP, you can’t assign the policy to devices with Android 12 and later. |
Phase 2 authorization | The authentication method for phase 2 of the EAP negotiation:
This setting is only available for EAP/PEAP and EAP/TTLS connections. |
Identity | The user identity. This setting is only available for EAP connections. |
Anonymous identity | The pseudonym identity sent unencrypted in phase 1 of the EAP negotiation. This setting is only available for EAP connections. |
Password | The password for the Wi-Fi network. |
Identity certificate | The identity certificate for the connection to the Wi-Fi network. The list includes all certificates from Client certificate configurations of the current policy. This setting is only available for EAP connections. |
Trusted certificate | The root CA for the certificate of the EAP server. The list includes all certificates from Root certificate configurations of the current policy. This setting is only available for EAP connections. |
Domain suffix match | This setting validates the EAP server’s certificate by its DNS name. The value you enter must match a You can enter multiple values separated by semicolons. The certificate is valid if at least one value matches. You can’t use wildcards. Example: This setting is only available for EAP connections. |
Subject alternative name match | This setting validates the EAP server’s certificate by its Subject Alternative Name (SAN). The value you enter must match a substring of the certificate’s You can enter multiple values separated by semicolons. The certificate is valid if at least one value matches. Example: This setting is only available for EAP connections. Subject alternative name match is an advanced setting. We recommend you use the Domain suffix match setting instead of this setting, where possible. |