WPA Enterprise authentication
Wi-Fi Protected Access-Enterprise (WPA-Enterprise) is a wireless security mechanism designed for small to large enterprise wireless networks. It is an enhancement to the WPA security protocol with advanced authentication and encryption.
Use the following guidelines to set up WPA Enterprise authentication:
Item |
Description |
Name |
Enter the name to use to reference this configuration in Ivanti EPMM. |
Network Name (SSID) |
Enter the name (i.e., service set identifier) of the Wi-Fi network these settings apply to. This field is case sensitive.
|
Description |
Enter additional text to clarify the purpose of this group of Wi-Fi settings. |
Hidden Network |
Select this option if the SSID is not broadcast. |
Authentication |
Select WPA Enterprise. |
Data Encryption |
•
•
|
User Name |
Specify the variable to use as the user name when establishing the Wi-Fi connection. See Supported variables for Wi-Fi authentication |
Password |
Specify the variable to use and any necessary custom formatting for the Wi-Fi password. The default variable selected is $PASSWORD$. Enter additional variables or text in the text box adjacent to the Password field. Entries in this text box are kept hidden and will not be visible to any Ivanti EPMM administrator. If you specify $PASSWORD$, also enable Save User Password under Settings > System Settings > Users & Devices > Registration. All variables and text up to the last valid variable will be visible. Anything after the last valid variable will not be visible. The valid variable may appear in either of the password fields. |
Apply to Certificates |
Configure this field with the CA certificate needed to validate the Identity Certificate presented by the Wi-Fi Access Point. It is not the CA certificate needed to validate the Identity Certificate sent to the device in the Wi-Fi configuration. If you configure multiple certificates, either as root certificates in separate files, or chain certificates in a single file, they appear in the CA cert drop-down on the client, however, “unspecified” is the selected value for the certificate. |
Trusted Certificate Names |
This feature is not supported on Android devices. If you did not specify trusted certificates in the Apply to Certificates list, then enter the names of the authentication servers to be trusted. You can specify a particular server, such as server.mycompany.com or a partial name such as *.mycompany.com. |
Allow Trust Exceptions |
This feature is not supported on Android devices. Select this option to let users decide to trust a server when the chain of trust can’t be established. To avoid these prompts, and to permit connections only to trusted services, turn off this option and upload all necessary certificates. |
Use Per-connection Password |
This feature is not supported on Android devices. Select this option to prompt the user to enter a password each time the device connects to the Wi-Fi network. |
EAP Type |
Select the authentication protocol used: •PEAP •TLS •TTLS You must select only one protocol. If you select EAP-FAST, then you also need to specify the Protected Access Credential (PAC). If you select TLS, then you must specify an Identity Certificate. If you select TTLS, then you must also specify the Inner Identity Authentication Protocol. You may optionally specify an Outer Identity
|
Connects To |
Select Internet or Work. |
Apple Settings |
These features are not supported on Android devices.
|
Android Settings |
|
Windows Settings |
These settings apply only to Windows devices. |