Skip to content

Wi-Fi configuration (iOS user policy)

The Wi-Fi configuration lets you specify settings for connecting to Wi-Fi networks.

Restriction

For Apple User Enrollment devices, the Wi-Fi configuration doesn’t support proxy settings. To use a proxy server, configure it on your access point using the Web Proxy Auto-Discovery (WPAD) protocol. To let the device discover your proxy server, users must go to the settings for your Wi-Fi network and set HTTP Proxy to Automatic.

Setting Description
SSID The name of the Wi-Fi network.
Connect automatically Automatically connect when the Wi-Fi network is available.
Hidden network The Wi-Fi network doesn’t broadcast its SSID.
Turn off private address

Join the network using the device’s hardware MAC address instead of a network-specific address created by iOS.

This setting reduces the connection’s privacy. Only use it if the device must identify itself using the same MAC address across your networks.

Note that Synchronized Security doesn’t work for devices that use a private MAC address. Sophos Central Wireless only knows the private address of a device, while Sophos Mobile only knows the hardware address.

Security type The Wi-Fi security method (such as WPA2) and variant (Personal or Enterprise) the device uses.
Password

The password for the Wi-Fi network.

This option is available when you’ve selected a personal security type.

Protocols

The authentication protocol settings.

  • Accepted EAP types: The EAP types that the device accepts for authentication.
  • EAP-FAST: For EAP-FAST, you can configure a Protected Access Credential (PAC).
  • Internal identity: The protocol for tunneled user authentication (for TTLS).
  • TLS minimum version, TLS maximum version: The minimum and maximum versions of the TLS protocol that the device accepts for EAP authentication.

Protocols is available when you’ve selected an enterprise security type.

Authentication

The client authentication settings.

  • User: The username for the connection to the Wi-Fi network.
  • Require password on each connect: Select this to send the password with every authentication.
  • Password: The password for the Wi-Fi network.
  • Identity certificate: The certificate for the connection to the Wi-Fi network. Before you can select a certificate, you must add it to the policy with a Client certificate configuration.
  • External identity: The externally visible ID (for TTLS, PEAP, and EAP-FAST).

Authentication is available when you’ve selected an enterprise security type.

Trusted certificates

The server certificate.

Before you can select a certificate, you must add it to the policy with a Root certificate configuration.

Trusted certificates is available when you’ve selected an enterprise security type.