Use the Wifi settings to provide connection parameters that enforce the use of the corporate wifi network on macOS devices.
The following table describes the connection parameters that are required to enforce a wifi connection:
|Configure for Type
|The type of wifi connection. This setting supports the following types:
|Service Set Identifier (SSID)
|The SSID of the wifi network.
|Users can join the wifi network automatically. If this setting is disabled, users must select the network name to join the network.
|The wifi network is hidden and not broadcasting the SSID.
|Passpoint: The network is treated as a hotspot.
|The security protocol of the wifi network. The supported encryption standards are WEP, WPA, Any, or None. The encryption types must match the capabilities of the network access point. If you are not sure about the encryption type, or want to apply to all encryption types, use Any.
|Accepted EAP Types
|The supported Extensible Authentication Protocol (EAP) authentication types.
|Use Protected Access Credential(PAC) (for EAP-FAST)
|Inner Authentication Protocol (for TTLS)
|The inner authentication used by the TTLS module. The supported values are PAP, CHAP, MSCHAP, or MSCHAPV2.
|The user name of the wifi network. Enter
%username% to allow users to use
their corporate credentials.
|Outer Identity Username
|The user name that appears only in the encrypted tunnel and allows users to hide their identity. This setting applies to TTLS, PEAP, or EAP-FAST.
|The trusted certificates that are required for authentication. The device does not prompt the user for certificates if the selected certificate is trusted.
|Trusted Certificate Name
|The list of common certificate names that are trusted and accepted for the network. You can
use wildcards to specify the name, such as
wpa.*.example.com. If a server provides
a certificate that is not in this list, the certificate is not trusted.
|Allow Trust Exceptions
|The user can choose trust decisions (from a dialog window) when a certificate is not trusted. Otherwise, authentication fails if the certificate is not already trusted.
|Use Per Connection Password
|Users are prompted for a password each time they connect to the network.
|Password for Authenticating a Wireless Network
|The password that is used to authenticate to a wireless network. If a password is not provided, the network is still added to the known networks and users are prompted to provide a password when they connect to that network.
|The certificate payload that is used for the identity certificate.
|If you choose the manual proxy type, you must provide the proxy server address including the proxy server port number and optionally, a username and password. If you choose the auto proxy type, enter a Proxy (PAC) URL.
|Disable Captive Network Detection
|Captive Network detection is bypassed when the device connects to the network.
|Enable QoS Marking for Apps
|QoS (Quality of Service) Packet Marking helps define the L2 and L3 level configuration of the
wifi network. The administrator can define which apps can access these levels of the network to
avoid usage, making the network slow.