Shared authentication
Shared Key Authentication (SKA) is a process by which a computer can gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol. With SKA, a computer equipped with a wireless modem can fully access any WEP network and exchange encrypted or unencrypted data.
Use the following guidelines to set up shared authentication:
Item |
Description |
Name |
Enter the name to use to reference this configuration in Ivanti EPMM. |
Network Name (SSID) |
Enter the name (i.e., service set identifier) of the Wi-Fi network these settings apply to. This field is case sensitive.
|
Description |
Enter additional text to clarify the purpose of this group of Wi-Fi settings. |
Hidden Network |
Select this option if the SSID is not broadcast. |
Authentication |
Select Shared. |
Data Encryption |
|
Network Key |
|
Key Index |
WEP encryption If using multiple network keys, select a number indicating the memory position of the correct encryption key. |
Confirm Network Key |
|
User Name |
WEP Enterprise encryption Specify the variable to use as the user name when establishing the Wi-Fi connection. See Supported variables for Wi-Fi authentication. |
Password |
WEP Enterprise encryption Specify the variable to use and any necessary custom formatting for the Wi-Fi password. The default variable selected is $PASSWORD$. Enter additional variables or text in the text box adjacent to the Password field. Entries in this text box are kept hidden and will not be visible to any Ivanti EPMM administrator. Note the following: •If you specify $PASSWORD$, also enable Save User Password under Settings > System Settings > Users & Devices > Registration. •All variables and text up to the last valid variable will be visible. Anything after the last valid variable will not be visible. The valid variable may appear in either of the password fields. |
Apply to Certificates |
WEP Enterprise encryption Configure this field with the CA certificate needed to validate the Identity Certificate presented by the Wi-Fi Access Point. It is not the CA certificate needed to validate the Identity Certificate sent to the device in the Wi-Fi config. |
Trusted Certificate Names |
WEP Enterprise encryption. If you did not specify trusted certificates in the Apply to Certificates list, then enter the names of the authentication servers to be trusted. You can specify a particular server, such as server.mycompany.com or a partial name such as *.mycompany.com. |
Allow Trust Exceptions |
WEP Enterprise encryption. Select this option to let users decide to trust a server when the chain of trust can’t be established. To avoid these prompts, and to permit connections only to trusted services, turn off this option and upload all necessary certificates. |
Use Per-connection Password |
WEP Enterprise encryption. Select this option to prompt the user to enter a password each time the device connects to the Wi-Fi network. |
EAP Type |
Select the authentication protocol used: •EAP-FAST •EAP-SIM •LEAP •PEAP •TLS •TTLS
If you select EAP-FAST, then you also need to specify the Protected Access Credential (PAC). If you select TLS, then you must specify an Identity Certificate. If you select TTLS, then you must also specify the Inner Identity Authentication Protocol. You may optionally specify an Outer Identity.
|
Connects To |
Select Internet or Work. |
Apple Settings |
|
Channel |
For macOS only. Select one of the following distribution options:
|
Auto Join |
Specifies whether devices should automatically join the corresponding Wi-Fi network. If this option is not selected, device users must tap the network name on the device to join the network. |
Disable Captive Network Detection |
Select to disable Apple's Captive Network Assistant, which automatically detects captive networks. When this option is selected, device users must manually open a web browser to trigger the portal login for the captive network. This feature is supported on devices running iOS 10 and macOS 10 or supported newer versions. |
Disable MAC address randomization |
Select to disable MAC address randomization for that Wi-Fi network while associated with the network. Device users will see a "Privacy Warning" message on their Wi-Fi settings indicating that the network has reduced privacy protections. Changing this option will disable the Private Address. The device user will still have the ability to set the device to report a random address for new connections instead of the device's actual Wi-Fi MAC address. Applicable to iOS 14.0 or supported newer versions. |
Proxy Type |
Specifies whether a proxy is configured, and which type. Available types are Manual and Auto. |
Proxy PAC URL |
Specifies the URL for the proxy auto-configuration (PAC) file. |
Proxy Server |
Specifies the proxy server’s IP address. |
Priority |
Enter a number between 1 and 100 to set the priority for the Wi-Fi setting, or leave the field blank. If multiple Wi-Fi settings are applied, the device selects the Wi-Fi setting with the higher priority. Higher numbers signify higher priority. |
Cisco QoS fast lane |
Supported on devices running iOS 10 or supported newer versions. |
Restrict QoS marking |
Select to restrict Cisco Quality of Service (QoS) "fast lane" prioritization to particular whitelisted iOS apps. Disabled by default, such that any iOS app may benefit from fast lane prioritization. |
Disable L3 marking and only allow L2 marking for traffic sent to the Wi-Fi network |
Select to mark traffic sent to the Wi-Fi network as L2 only. |
Whitelist audio and video calls for L2 and L3 marking |
Select to allow all voice and video calls to be marked as L2 and L3 traffic. If you disable L3 marking and whitelist audio and video for L2 and L3 marking, then audio and video calls will be marked as L2 only. |
Apps that will be whitelisted for L2 and L3 marking for traffic |
Mark the check box to select specific apps you want to whitelist for L2 and L3 traffic marking. •Select the Add (+) button to add a row to the table of apps. A new row is added to the table. In the App Name column, select the drop-down list to select an App Catalog app. •Repeat for any other apps you want to whitelist for L2 and L3 traffic marking. |
Android Settings |
These settings apply only to Android devices. |
Windows Settings |
These settings apply only to Windows devices. |