Shared authentication

Shared Key Authentication (SKA) is a process by which a computer can gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol. With SKA, a computer equipped with a wireless modem can fully access any WEP network and exchange encrypted or unencrypted data.

Use the following guidelines to set up shared authentication:

**Table 46.** Wi-Fi shared authentication field descriptions
Item	Description
Name	Enter the name to use to reference this configuration in Ivanti EPMM.
Network Name (SSID)	Enter the name (i.e., service set identifier) of the Wi-Fi network these settings apply to. This field is case sensitive.
Description	Enter additional text to clarify the purpose of this group of Wi-Fi settings.
Hidden Network	Select this option if the SSID is not broadcast.
Authentication	Select Shared.
Data Encryption	This feature is not supported on iOS devices.
Network Key	This feature is not supported on iOS devices.
Key Index	WEP encryption If using multiple network keys, select a number indicating the memory position of the correct encryption key.
Confirm Network Key	This feature is not supported on iOS devices.
User Name	WEP Enterprise encryption Specify the variable to use as the user name when establishing the Wi-Fi connection. See Supported variables for Wi-Fi authentication.
Password	WEP Enterprise encryption Specify the variable to use and any necessary custom formatting for the Wi-Fi password. The default variable selected is $PASSWORD$. Enter additional variables or text in the text box adjacent to the Password field. Entries in this text box are kept hidden and will not be visible to any Ivanti EPMM administrator. Note the following: •If you specify $PASSWORD$, also enable Save User Password under Settings > System Settings > Users & Devices > Registration. •All variables and text up to the last valid variable will be visible. Anything after the last valid variable will not be visible. The valid variable may appear in either of the password fields. See Supported variables for Wi-Fi authentication.
Apply to Certificates	WEP Enterprise encryption Configure this field with the CA certificate needed to validate the Identity Certificate presented by the Wi-Fi Access Point. It is not the CA certificate needed to validate the Identity Certificate sent to the device in the Wi-Fi config.
Trusted Certificate Names	WEP Enterprise encryption. If you did not specify trusted certificates in the Apply to Certificates list, then enter the names of the authentication servers to be trusted. You can specify a particular server, such as server.mycompany.com or a partial name such as *.mycompany.com.
Allow Trust Exceptions	WEP Enterprise encryption. Select this option to let users decide to trust a server when the chain of trust can’t be established. To avoid these prompts, and to permit connections only to trusted services, turn off this option and upload all necessary certificates.
Use Per-connection Password	WEP Enterprise encryption. Select this option to prompt the user to enter a password each time the device connects to the Wi-Fi network.
EAP Type	Select the authentication protocol used: •EAP-FAST •EAP-SIM •LEAP •PEAP •TLS •TTLS You can make multiple selections. If you select EAP-FAST, then you also need to specify the Protected Access Credential (PAC). If you select TLS, then you must specify an Identity Certificate. If you select TTLS, then you must also specify the Inner Identity Authentication Protocol. You may optionally specify an Outer Identity.
Connects To	Select Internet or Work.
Apple Settings
Channel	For macOS only. Select one of the following distribution options: Device channel - the configuration is effective for all users on a device. This is the typical option. User channel - the configuration is effective only for the currently registered user on a device.
Auto Join	Specifies whether devices should automatically join the corresponding Wi-Fi network. If this option is not selected, device users must tap the network name on the device to join the network.
Disable Captive Network Detection	Select to disable Apple's Captive Network Assistant, which automatically detects captive networks. When this option is selected, device users must manually open a web browser to trigger the portal login for the captive network. This feature is supported on devices running iOS 10 and macOS 10 or supported newer versions.
Disable MAC address randomization	Select to disable MAC address randomization for that Wi-Fi network while associated with the network. Device users will see a "Privacy Warning" message on their Wi-Fi settings indicating that the network has reduced privacy protections. Changing this option will disable the Private Address. The device user will still have the ability to set the device to report a random address for new connections instead of the device's actual Wi-Fi MAC address. Applicable to iOS 14.0 or supported newer versions.
Proxy Type	Specifies whether a proxy is configured, and which type. Available types are Manual and Auto.
Proxy PAC URL	Specifies the URL for the proxy auto-configuration (PAC) file.
Proxy Server	Specifies the proxy server’s IP address.
Priority	Enter a number between 1 and 100 to set the priority for the Wi-Fi setting, or leave the field blank. If multiple Wi-Fi settings are applied, the device selects the Wi-Fi setting with the higher priority. Higher numbers signify higher priority.
Cisco QoS fast lane	Supported on devices running iOS 10 or supported newer versions.
Restrict QoS marking	Select to restrict Cisco Quality of Service (QoS) "fast lane" prioritization to particular whitelisted iOS apps. Disabled by default, such that any iOS app may benefit from fast lane prioritization.
Disable L3 marking and only allow L2 marking for traffic sent to the Wi-Fi network	Select to mark traffic sent to the Wi-Fi network as L2 only.
Whitelist audio and video calls for L2 and L3 marking	Select to allow all voice and video calls to be marked as L2 and L3 traffic. If you disable L3 marking and whitelist audio and video for L2 and L3 marking, then audio and video calls will be marked as L2 only.
Apps that will be whitelisted for L2 and L3 marking for traffic	Mark the check box to select specific apps you want to whitelist for L2 and L3 traffic marking. •Select the Add (+) button to add a row to the table of apps. A new row is added to the table. In the App Name column, select the drop-down list to select an App Catalog app. •Repeat for any other apps you want to whitelist for L2 and L3 traffic marking.
Android Settings	These settings apply only to Android devices.
Windows Settings	These settings apply only to Windows devices.