Wi-Fi configuration (macOS user policy)

The Wi-Fi configuration lets you specify settings for connecting to Wi-Fi networks.

Setting

Description

SSID

The name of the Wi-Fi network.

Connect automatically

Automatically connect when the Wi-Fi network is available.

Hidden network

The Wi-Fi network doesn’t broadcast its SSID.

Turn off private address

Join the network using the device’s hardware MAC address instead of a network-specific address created by iOS.

This setting reduces the connection’s privacy. Only use it if the device must identify itself using the same MAC address across your networks.

Note that Network Access Control (NAC) integration with a third-party NAC system doesn’t work for devices that use a private MAC address. The NAC system only knows the private address of a device, while Sophos Mobile only knows the hardware address.

Security type

The security type of the Wi-Fi network.

Password

The password for the Wi-Fi network.

This option is available when you’ve selected a personal security type.

Protocols

The authentication protocol settings.

  • Accepted EAP types: The EAP types that the device accepts for authentication.
  • EAP-FAST: For EAP-FAST, you can configure a Protected Access Credential (PAC).
  • Internal identity: The protocol for tunneled user authentication (for TTLS).
  • TLS minimum version, TLS maximum version: The minimum and maximum versions of the TLS protocol that the device accepts for EAP authentication.

Protocols is available when you’ve selected an enterprise security type.

Authentication

The client authentication settings.

  • User: The username for the connection to the Wi-Fi network.
  • Require password on each connect: Select this to send the password with every authentication.
  • Password: The password for the Wi-Fi network.
  • Identity certificate: The certificate for the connection to the Wi-Fi network. Before you can select a certificate, you must add it to the policy with a Client certificate configuration.
  • External identity: The externally visible ID (for TTLS, PEAP, and EAP-FAST).

Authentication is available when you’ve selected an enterprise security type.

Trusted certificates

The server certificate.

Before you can select a certificate, you must add it to the policy with a Root certificate configuration.

Trusted certificates is available when you’ve selected an enterprise security type.

Proxy

Select Manually to configure the connection details manually.

Select Automatic if you have a proxy auto-config (PAC) file.