This Library Item is available for Apple and Windows devices
Create a Wi-Fi Profile Library Item
To add this Library Item to your Iru Endpoint Library, follow the steps outlined in the Library Overview article.1
Navigate to Library
Navigate to the Library and select Add Library Item.
2
Select Wi-Fi
Search for and select Wi-Fi.
3
Enter Name
Enter a Name for the Library Item.
4
Select Platforms
Select one or more platforms under Install on.
5
Assign to Blueprints
Assign the profile to one or more Blueprints.
General Settings
- Apple
- Windows
1
Specify SSID
Specify the Service Set Identifier (SSID), also known as the network’s name.
2
Configure auto join
If you want devices to automatically join this network when it is available, select Auto join network. If you do not select Auto join network, devices will know how to connect to the network, but the user will have to choose to do so.
3
Set hidden network (if needed)
If the network is hidden—i.e., it does not broadcast its SSID—select Hidden network. Hidden networks are not standards-compliant and are not recommended.
4
Configure MAC address randomization
If you wish to turn off MAC address randomization, select Disable MAC address randomization.
Available for iOS 14+ and later versions.
Apple-only General Settings
1
Enable IPv6 (optional)
To use IPv6 on this network, select IPv6.
2
Disable captive network detection (optional)
If you do not want to use Apple’s Captive Network Assistant on this network, select Disable captive network detection.
Authentication
Select the Authentication type for the network. Options vary depending on platform:None
Use the None authentication type when no password is necessary to join the network. If a network with the specified SSID is available and does not require authentication, the device will attempt to join it.- No password is required.
- Devices automatically connect if the SSID is available.
It is highly recommended NOT to use this authentication type as anyone can join the network without authenticating.
Pre-Shared Key (PSK)
PSK authentication is commonly used in home and small business environments. Anyone who has the network’s shared password can join it.1
Select security type
Choose from: WEP, WPA Personal, WPA2 Personal, WPA3 Personal, or Any Personal. Any Personal will work with any of the methods above, and it is useful when some locations use WPA2, and others use WPA3.
Windows supports WPA Personal and WPA2 Personal.
2
Enter network password
Enter the Password for the network. If you do not enter a password, the device prompts the user to enter a password when connecting to the network.
Configure an Identity Certificate
You can configure an identity certificate using AD CS, SCEP, or by uploading a PKCS #12 file. For instructions on configuring identity certificates, see our Using Identity Certificates for 802.1X Authentication support article.Configure Certificate Trust Settings
Specifying trusted certificates in the Wi-Fi Library Item is not recommended. If certificates are renewed or changed, you will need to redeploy the entire Wi-Fi profile, potentially causing devices to disconnect from the Wi-Fi network. Instead, install the trusted certificate chain for your RADIUS server(s) using a separate Certificates Library item. Then specify the name of those certificates in the Wi-Fi Library item under Specify server certificate names. See Apple Platform Deployment for more information. Most enterprise Wi-Fi environments require that devices trust the 802.1X authentication server(s), typically a Remote Access Dial-In User Server (RADIUS). The Certificate trust settings allow you to configure which certificates presented by the server devices will trust. If a device does not trust the authentication server(s), the user will be prompted to trust it.1
Specify trusted certificates (optional)
Select Specify trusted certificates if you want to provide certificates for the configured devices to trust. Then upload the certificates in .cer or .crt format.
2
Specify server certificate names (optional)
Select Specify server certificate names if you want to provide DNS names of certificates devices should trust. Then enter their DNS names — wildcards are accepted.
3
Allow trust exceptions (optional)
Select Allow trust exceptions if you want to ask the user whether to trust the authentication server if the presented certificate fails validation. This option is deprecated in newer versions of macOS and iOS.