barscaret-downcaret-leftcaret-rightcaret-upcheckchevron-leftchevron-rightfile-pdfinfoinfo-circlesign-in-altsignin text-widthtimesyoutube

macOS > Device Data & Configuration

Configure Wi-Fi settings for macOS devices

Updated on August 27th, 2025

In this articleToggle Table of Content

Use Miradore's configuration profiles to add specific Wi-Fi settings to your macOS devices. With configuration profiles, you may store certain Wi-Fi settings and deploy them to multiple devices.

Configure the Wi-Fi profile

  1. Navigate to Management > Configuration profiles and select Add.
  2. Select macOS, then select Next.
  3. Select Wi-Fi, then select Next.
  4. Define the configuration for the profile.
    MacOS Wi-Fi configuration profile wizard
    The following settings are available on each tab of the dialog:

    • Wi-Fi network: SSID, network visibility, auto-joining, and security mode
    • Wi-Fi proxy: proxy server settings for the Wi-Fi network
    • EAP settings: accepted EAP types, trusted certificate, and trusted certificate names for WPA-Enterprise, WPA2-Enterprise, and WPA3-Enterprise Wi-Fi networks
      Note: EAP settings are only visible if the WPA/WPA2 (Enterprise) or WPA3 (Enterprise) security mode is selected on the Wi-Fi network tab. See Creating a WPA/WPA2 (Enterprise) or WPA3 (Enterprise) Wi-Fi network configuration for detailed information on specific EAP settings.
  5. Enter a name and description for the configuration profile, and select Create to finish the configuration.
  6. Deploy the configuration profile to the managed macOS devices.

Defining the configuration

Wi-Fi network

Setting Description
SSID The name of the Wi-Fi network. This field cannot be empty.
Hidden network Defines whether the network is hidden.
Auto join Defines whether devices can automatically join the network.
Security mode The security protocol used for the network. The following options are available:

  • None: the network does not use any security protocol.
  • WEP: the network uses the WEP security protocol.
  • WPA/WPA2: the network uses the WPA or WPA2 security protocol for personal networks.
  • WPA3: the network uses the WPA3-Personal security protocol.
    Note: If the security mode is set to WPA3, but the network uses a WPA2 security protocol, devices cannot automatically join the network. In such cases, you can manually connect the device through its settings. For password-protected networks, use the Password field in the configuration profile wizard to apply the password to the device. This allows the device to automatically populate the password and establish a connection when the Wi-Fi network is selected in its settings. However, if the configuration profile does not include the password or the password deployed with the configuration profile is incorrect, the device owner needs to manually enter it to connect to the network.
    WPA3 is supported on any Mac model released in late 2013 or later, equipped with 802.11ac Wi-Fi or a more recent standard.
  • Any (Personal): devices can connect to personal networks using any security protocol.
  • WPA/WPA2 (Enterprise): the network uses the WPA-Enterprise or WPA2-Enterprise security protocol.
  • WPA3 (Enterprise): the network uses the WPA-Enterprise or WPA3-Enterprise security protocol.
    Note: If the security mode is set to WPA3 (Enterprise), but the network uses a WPA-Enterprise or WPA2-Enterprise security protocol, devices cannot automatically join the network. In such cases, you can manually connect the device through its settings. For password-protected networks, use the Password field in the configuration profile wizard to apply the password to the device. This allows the device to automatically populate the password and establish a connection when the Wi-Fi network is selected in its settings. However, if the configuration profile does not include the password or the password deployed with the configuration profile is incorrect, the device owner needs to manually enter it to connect to the network.
    WPA3-Enterprise is supported on all Mac models with Apple silicon.

Note: In the case of devices running a lower version than macOS 13, the specified security mode must align with the security protocol used in the Wi-Fi network, unless the selected security mode is Any (Personal). Otherwise, the device cannot join the network.
Password The password used for joining the network. This option is only visible for the following security modes:

  • WEP
  • WPA/WPA2
  • WPA3
  • Any (Personal)

Wi-Fi proxy

On the Wi-Fi proxy tab, define the network's proxy settings. Select one of the following options from the Proxy drop-down menu:

  • None: the connection does not use a proxy.
  • Manual: proxy settings are manually defined in the configuration profile.
  • Automatic: the network uses a proxy server.

Depending on the selected proxy setting, the following settings become available:

Manual proxy settings

Setting Description
Server host name The fully qualified address of the proxy server.
Port The port of the proxy server.
Use user-specific proxy account settings Enabling this setting allows the use of account settings for the specific user(s) the configuration is deployed for. If enabled, the proxy account must be selected from the Proxy account drop-down menu.

If you do not enable this setting, the same account name and password are used for all devices that the configuration profile is deployed to, as defined in the Username and Password settings.
Proxy account This setting is available if the Use user-specific proxy account settings option is checked.

Select the user whose proxy server connection settings will be deployed to the device. Settings for the account must be configured for each user for whom the configuration profile will be deployed.
Note: To add proxy settings to an existing user entry in Miradore, open the specific user page available under Company > Users, then edit the proxy settings on the Proxy accounts tab.
Username This setting is available if the Use user-specific proxy account settings option is unchecked.

The username that must be used to connect to the proxy server. The same username is used on all devices to which the configuration profile is deployed.
Password This setting is available if the Use user-specific proxy account settings option is unchecked.

The password that must be used to connect to the proxy server. The same password is used on all devices to which the configuration profile is deployed.

Automatic proxy settings

Setting Description
Proxy server URL The URL of the proxy server from which to fetch the proxy settings.

Creating a WPA/WPA2 (Enterprise) or WPA3 (Enterprise) Wi-Fi network configuration

If WPA/WPA 2 (Enterprise) or WPA3 (Enterprise) is selected as the security mode on the Wi-Fi network tab, you can configure various EAP settings for the network, available under the EAP settings tab.

Miradore - ios wifi eap settings

The following settings are immediately available on the EAP settings tab:

Setting Description
Accepted EAP types Specify the EAP type(s) that will be used to authenticate secured wireless connections. It is possible to use multiple EAP types simultaneously.
Trusted certificate Define a trusted root certificate for the connection. This field is mandatory for all EAP types. The drop-down list shows the certificates added to Miradore (Management > Files and certificates > Certificates tab). Trusted certificates do not have a private key.
Trusted server certificate names Define the accepted server certificate common names. In case the server presents a certificate that is not on the list, it will not be trusted. You can add multiple certificate names by entering a certificate name, selecting Add, then entering the next certificate name. Certificate names can be removed from the list by selecting the Trash icon icon.

EAP type-dependent additional settings

Depending on the selected EAP type, additional settings become available for the following EAP types:

  • TLS
  • LEAP
  • EAP-SIM
  • TTLS
  • PEAP
  • EAP-FAST
Setting Description Applicable accepted EAP type
Identity certificate Define the certificate for TLS. This setting must be configured for TLS connections. Additionally, when this setting is configured, it also allows two-factor authentication for TTLS, PEAP, and EAP-FAST. TLS, TTLS, PEAP, EAP-FAST
Outer identity (externally visible identification) Define the externally visible identity for EAP, TTLS, PEAP, and EAP-FAST connections. This setting allows the user to hide their identity, for example, when setting it to anonymous. The user's actual name appears only inside the encrypted tunnel. TTLS, PEAP, EAP-FAST
TTLS inner authentication protocol Define the inner authentication protocol for a TTLS connection. TTLS
User name Define the username for authentication when using LEAP, TTLS, PEAP, or EAP-FAST. If this field is left empty, the user is not prompted for authentication upon joining the network. LEAP, TTLS, PEAP, EAP-FAST
Password Define the password for authentication when using LEAP, TTLS, PEAP, or EAP-FAST. If this field is left empty, the user is not prompted for authentication upon joining the network. LEAP, TTLS, PEAP, EAP-FAST
Minimum TLS version Define the minimum version of TLS to be used with the EAP authentication. This setting is available for TLS, TTLS, PEAP, and EAP-FAST connections and is available in macOS 10.13 and later. TLS, TTLS, PEAP, EAP-FAST
Maximum TLS version Define the maximum version of TLS to be used with the EAP authentication. This setting is available for TLS, TTLS, PEAP, and EAP-FAST connections and is available in macOS 10.13 and later. TLS, TTLS, PEAP, EAP-FAST
Use PAC (Proxy auto-config) Define whether the device will use an existing PAC when using EAP-FAST. Otherwise, the server must present its identity using a certificate. EAP-FAST
Minimum amount of RAND values Define the minimum number of RAND values to accept from the server. EAP-SIM
Use per-connection password Define whether the user is prompted to use a password each time they connect to the network. LEAP, TTLS, PEAP, EAP-FAST
System mode uses Open Directory credentials Define whether the system mode connection should use the computer name and password associated with the user's Open Directory entry to connect to the network. If this setting is enabled, the System mode credentials source option cannot be set. TLS, LEAP, EAP-SIM, TTLS, EAP-AKA, PEAP, EAP-FAST
System mode credentials source Define whether the system mode should use the computer name and password associated with the user's Active Directory entry to connect to the network. If this setting is enabled, the System mode uses Open Directory credentials option cannot be set. TLS, LEAP, EAP-SIM, TTLS, EAP-AKA, PEAP, EAP-FAST

Required certificates do not need to be deployed separately to the devices, because the configuration profile deployment also installs related certificates.

Monitoring

You can monitor the progress of the configuration profile deployment either on the Management > Action log page or on the individual devices' Device page available under Management > Devices.

Previous Article:
«

Next Article:
»

Get started with Miradore

Take control of your mobile devices today with Miradore’s MDM solution. You can get started for free and try out the Premium+ features with a 14-day free trial — or explore our Showroom with a virtual device fleet.

No credit card needed.

Get started now See plans & pricing