Skip to main content
This Library Item is available for Apple and Windows devices
The Wi-Fi Library Item lets you configure managed devices to automatically connect to wireless networks. You can define SSIDs, authentication methods, certificates, and proxy settings to ensure secure, consistent connectivity across your fleet. You can deploy Wi-Fi profiles to Apple and Windows devices. While most options are shared, some settings are specific to certain platforms.

Create a Wi-Fi Profile Library Item

To add this Library Item to your Iru Endpoint Library, follow the steps outlined in the Library Overview article.
1

Navigate to Library

Navigate to the Library and select Add Library Item.
2

Select Wi-Fi

Search for and select Wi-Fi.
3

Enter Name

Enter a Name for the Library Item.
4

Select Platforms

Select one or more platforms under Install on.
5

Assign to Blueprints

Assign the profile to one or more Blueprints.

General Settings

1

Specify SSID

Specify the Service Set Identifier (SSID), also known as the network’s name.
2

Configure auto join

If you want devices to automatically join this network when it is available, select Auto join network. If you do not select Auto join network, devices will know how to connect to the network, but the user will have to choose to do so.
3

Set hidden network (if needed)

If the network is hidden—i.e., it does not broadcast its SSID—select Hidden network. Hidden networks are not standards-compliant and are not recommended.
4

Configure MAC address randomization

If you wish to turn off MAC address randomization, select Disable MAC address randomization.
Available for iOS 14+ and later versions.
1

Enable IPv6 (optional)

To use IPv6 on this network, select IPv6.
2

Disable captive network detection (optional)

If you do not want to use Apple’s Captive Network Assistant on this network, select Disable captive network detection.

Authentication

None

Use the None authentication type when no password is necessary to join the network. If a network with the specified SSID is available and does not require authentication, the device will attempt to join it.
  • No password is required.
  • Devices automatically connect if the SSID is available.
It is highly recommended NOT to use this authentication type as anyone can join the network without authenticating.

Pre-Shared Key (PSK)

PSK authentication is commonly used in home and small business environments. Anyone who has the network’s shared password can join it.
1

Select security type

Choose from: WEP, WPA Personal, WPA2 Personal, WPA3 Personal, or Any Personal. Any Personal will work with any of the methods above, and it is useful when some locations use WPA2, and others use WPA3.
2

Enter network password

Enter the Password for the network. If you do not enter a password, the device prompts the user to enter a password when connecting to the network.

Enterprise (802.1X EAP)

Enterprise authentication uses 802.1X to provide more secure authentication options when connecting to Wi-Fi networks. Enterprise authentication types include:
  • Dynamic WEP
  • WPA Enterprise
  • WPA2 Enterprise
  • WPA3 Enterprise
When an enterprise type is selected, additional settings appear depending on the chosen EAP type (e.g., EAP-TLS, PEAP, TTLS). You can configure:
  • Identity certificates (SCEP or PKCS #12)
  • Trusted server certificates
  • User authentication (username/password, smartcard, or certificates)
Certificate options are only available if you select one of the WPA Enterprise options in the Authentication type dropdown.
Configure Wi-Fi using the following options:
1

Select authentication type

For Authentication type, choose Dynamic WEP, WPA Enterprise, WPA2 Enterprise, or WPA3 Enterprise.
2

Configure login window settings (macOS)

On macOS, if you wish to authenticate to the network as the user that logs in at the login window, select Use as a Login Window configuration. Otherwise, the configuration is considered a System configuration, and Mac systems will be able to authenticate to the network when a user has not logged in. You can also use this option in conjunction with EAP-TLS so a certificate identity is used to authenticate the system before login, but then login window credentials are used to authenticate the user.
3

Select EAP types

Select the Accepted EAP Types your network supports. You may select more than one and will need to set all the settings necessary for the selected EAP types. For more information on configuring specific EAP types, refer to Configure Enterprise Wi-Fi authentication protocols.
Using this configuration requires integration with a directory service. See this Apple support article for more information.

Configure an Identity Certificate

You can configure an identity certificate using SCEP or by uploading a PKCS #12 file. For instructions on configuring identity certificates, see our Using Identity Certificates for 802.1X Authentication support article.

Proxy

Proxy settings are available for Apple devices only
Configure devices to use a network proxy by configuring the settings in the Proxy section.
1

Enable Proxy management

To configure network proxy settings, toggle the Proxy section to Managed.
2

Configure Automatic proxy

Automatic: Provide a Proxy Auto-Configuration (PAC) URL.
3

Configure PAC fallback (optional)

If you want devices to attempt to connect directly to destinations when the PAC file is not available, select Proxy PAC fallback allowed.
4

Configure Manual proxy

Manual: Enter proxy server, port, and (if required) username and password.

Fast Lane Marking

Fast Lane marking is available for Apple devices only
Use Fast Lane on networks and devices that support Quality of Service (QoS) marking to prioritize traffic from apps on connected devices as voice, video, or real-time data. To learn more about Fast Lane, refer to iOS Compatibility with Cisco QoS Fastlane & Adaptive 802.11r.
Fast Lane is not supported by all networks or devices and is primarily available on Apple devices.
1

Disable Fast Lane (optional)

To turn off Fast Lane, choose Disable Fast Lane for all apps.
2

Enable Fast Lane for specific apps

To turn on Fast Lane, choose Allow specific apps.
3

Add applications to allow list

Fast Lane applies to network traffic from specific apps. Click Add application to add apps to the allow list.
4

Search apps by name

To add apps from your Iru Library, enter the app’s name under Search by name. Select the apps you want to allow to use Fast Lane.
5

Add apps by Bundle ID

You may also specify apps by Bundle ID. Click Add Bundle ID.
6

Configure Bundle ID details

Provide the App Name and Bundle ID and click Add. You can add multiple Bundle IDs.
7

Complete Fast Lane configuration

Click Done.

Certificate Trust Settings

Specifying trusted certificates in the Wi-Fi Library Item is not recommended. If certificates are renewed or changed, you will need to redeploy the entire Wi-Fi profile, potentially causing devices to disconnect from the Wi-Fi network. Instead, install the trusted certificate chain for your RADIUS server(s) using a separate Certificates Library item. Then specify the name of those certificates in the Wi-Fi Library item under Specify server certificate names. See Apple Platform Deployment for more information. Most enterprise Wi-Fi environments require that devices trust the 802.1X authentication server(s), typically a Remote Access Dial-In User Server (RADIUS). The Certificate trust settings allow you to configure which certificates presented by the server devices will trust. If a device does not trust the authentication server(s), the user will be prompted to trust it.
1

Specify trusted certificates (optional)

Select Specify trusted certificates if you want to provide certificates for the configured devices to trust. Then upload the certificates in .cer or .crt format.
2

Specify server certificate names (optional)

Select Specify server certificate names if you want to provide DNS names of certificates devices should trust. Then enter their DNS names — wildcards are accepted.