Use Miradore's Wi-Fi configuration profile to add specific Wi-Fi settings to your Android devices.
Important information
You can limit access only to the Wi-Fi networks set up via this configuration profile for fully managed devices. To do so, use the restriction designed for this purpose. You can configure the restriction by navigating to Configuration profiles > Android > Restrictions and choosing Denied for the Wi-Fi configuration option on the Fully managed tab.
Configure the Wi-Fi profile
- Navigate to Management > Configuration profiles and select Add.
- Select Android, then select Next.
- Select Wi-Fi, then select Next.
- Define the configuration for the profile.
Depending on the configuration, the following settings are available on each tab of the dialog:- Wi-Fi network:
- SSID
- Network visibility
- Security mode
- Pre-shared WPA key (for WPA/WPA2/WPA3 only)
- EAP settings:
- Accepted EAP types
- Identity certificate
- Trusted certificate
- Domain suffix match
- Certificate subject match
- Outer identity
- Phase 2 authentication method (for TTLS or PEAP only)
- Username (for TTLS or PEAP only)
- Password (for TTLS or PEAP only)
Note: EAP settings are only visible if the WPA/WPA2/WPA3 (Enterprise) security mode is selected on the Wi-Fi network tab. See Creating a WPA/WPA2/WPA3 (Enterprise) Wi-Fi network configuration for detailed information on specific EAP settings.
- Wi-Fi network:
- Enter a name and description for the configuration profile, and select Create to finish the configuration.
- Deploy the configuration profile to the managed Android devices.
Tip: Consider adding the configuration profile to a business policy to automate deployment.
Defining the configuration
The following settings are available on the Wi-Fi network tab:
| Setting | Description |
|---|---|
| SSID | The name of the Wi-Fi network. This field cannot be empty. |
| Hidden network | Defines whether the network is hidden. |
| Security mode | The security protocol used for the network. The following options are available:
|
| WPA preshared key | The password used for joining the network. This option is only visible for the WPA/WPA2/WPA3 security mode. |
Creating a WPA/WPA2/WPA3 (Enterprise) Wi-Fi network configuration
If WPA/WPA2/WPA3 (Enterprise) is selected as the security mode on the Wi-Fi network tab, you can configure various EAP settings for the network, available under the EAP settings tab.
The following settings are available on the EAP settings tab:
| Setting | Description |
|---|---|
| Accepted EAP type | Specify the EAP type that is used to authenticate secured wireless connections. The following EAP types are available:
|
| Identity certificate | Define the identity certificate for authentication. With this setting, two-factor authentication is available for TTLS and PEAP. The certificate must be digitally signed with a private key.
The drop-down list shows the certificates added to Miradore (Management > Files and certificates > Certificates tab). Note: You do not have to deploy the certificate to the device separately, as the configuration profile deployment installs it on the device. |
| Trusted certificate | Define a trusted root certificate for the connection. This field is mandatory for all EAP types.
The drop-down list shows the certificates added to Miradore (Management > Files and certificates > Certificates tab). Note: You do not have to deploy the certificate to the device separately, as the configuration profile deployment installs it on the device. |
| Domain suffix match | Define a list of certificate suffixes that are accepted by entering the suffix and selecting Add. You can add multiple suffixes to the list. If a server presents a certificate that is not included in the list, it will not be trusted. |
| Certificate subject match | Define a list of substrings that are matched against the subject of the authentication server certificate by entering the substring and selecting Add. You can add multiple entries to the list. |
| Outer identity (externally visible identification) | Define the externally visible identity for the EAP connection. With this setting, users can hide their identity. The real identity of the user is only visible inside the encrypted tunnel. |
| Phase 2 authentication method | This setting is only available if the selected Accepted EAP type is TTLS or PEAP.
Define the inner authentication for the security protocol. The following values are available for TTLS:
The following values are available for PEAP:
|
| User name | This setting is only available if the selected Accepted EAP type is TTLS or PEAP.
Define the username for authentication when using TTLS or PEAP. If this field is left empty, the user is not prompted for authentication upon joining the network. |
| Password | This setting is only available if the selected Accepted EAP type is TTLS or PEAP.
Define the password for authentication when using TTLS or PEAP. If this field is left empty, the user is not prompted for authentication upon joining the network. |
Monitoring
You can monitor the progress of the configuration profile deployment either on the Management > Action log page or on the individual devices' Device page available under Management > Devices.
Previous Article:
« Restrictions on Android devices
Next Article:
Collected Android inventory »