Use Miradore's configuration profiles to add specific WiFi settings to your iOS devices. With configuration profiles, you may store certain WiFi settings and deploy them to multiple devices. This article instructs how to create a WiFi configuration profile for your iOS devices and provides an example of how to configure WPA/WPA2 Enterprise networks with protocols like EAP-TLS and PEAP.
If you want to limit access only to the WiFi networks set up via this configuration profile, use the restriction designed for the purpose. You can configure the restriction from Miradore Configuration profiles > iOS > Restrictions and choose Force Wi-Fi allowlisting.
How to configure Wi-Fi profile
1. In Miradore, go to Management > Configuration profiles and press the button Add on the top of the page.
2. Select the platform iOS and from the next step the option WiFi.
3. Define the configuration for the profile.
There are three tabs for different settings:
- Enrollment Wi-Fi network: The basic settings like SSID, network visibility, and security mode are defined.
- Wi-Fi proxy: Define the WiFi network's proxy server settings.
- EAP settings: Configure WPA/WPA2 Enterprise WiFi network settings.
4. Define a name and description for the configuration profile, and press Create to finish the configuration.
Example: Creating WPA/WPA2 Enterprise WiFi network configuration
1. Before you can define the EAP settings, you need to choose security mode "WPA/WPA2 (Enterprise)" from the Enrollment Wi-Fi network tab.
2. Go to EAP settings tab and define WPA/WPA2 Enterprise WiFi network configuration settings.
On the EAP settings tab, there are a few basic configurations:
- Accepted EAP types, which are used to authenticate secured wireless connections.
- Trusted certificate that defines a trusted root certificate for the connection. This field is mandatory. The dropdown list shows the certificates added to Miradore Management > Files and certificates - Certificates. Trusted certificates do not have a private key.
- Trusted server certificate names, to list all the accepted server certificate common names. In case, the server presents a certificate not on this list, it will not be trusted.
There might be more configurable settings appearing, depending on the EAP type chosen:
- Identity certificate defines the certificate for EAP-TLS and it is mandatory for this EAP type, but it also allows two-factor authentication for EAP-TTLS, PEAP, and EAP-FAST. This certificate must be digitally signed with a private key.
There is no need to deploy required certificates separately to devices. The configuration profile deployment is installing also related certificates to the devices.
Deployment and monitoring
You can deploy the WiFi configuration profile from Management > Configuration profile. Choose the correct profile from the list and press Deploy. Read more detailed instructions on how to deploy configuration profiles in Miradore.
You may monitor the progress of the configuration profile deployment from:
- Management > Action log
- Management > Devices > Device page (Action log tab)
Have feedback on this article? Please share it with us!
« Disabling Wi-Fi MAC address randomization on iPhones or iPads
Custom configuration profiles for iOS devices »