NOTE: The workflow actions available to you depend on the Workflow model you select, the MDM system you use, and the OS of your devices.
The Add WiFi action installs one or more profiles onto your devices with information on how to connect to your Wi-Fi networks.
Choose existing WiFi profile: For convenience, you can select any previously-configured profiles from this list. If any need editing, use the Cache tab in the main navigation.
Create a new WiFi profile: Here you are prompted for at least three pieces of information: the Network Name (SSID), the Security type, and the Expiration.
The security type is based on your authentication requirements.
- None: Use this for open WiFi networks.
- WPA/WPA2 Personal: Use this for “normal” WiFi networks that require a password.
- WPA/WPA2 Enterprise: Use this for enterprise WiFi networks that require both username and password.
Disable MAC address Randomization
iOS 14 introduced MAC randomization, which may cause iOS 14 devices to have issues connecting to your network. Imprivata recommends disabling this option when creating a new Wi-Fi profile.
If you have an existing Wi-Fi profile you would like to modify, navigate to the Cache tab to make changes there. Modifying a Wi-Fi profile via the Cache tab will also update any existing workflows where the profile is in use.
The “Automatically forget” option will cause the device(s) to automatically disconnect from the Wi-Fi network after the designated period of time. The device will effectively forget the Wi-Fi SSID and any saved passwords. The forgetting happens even if the device is disconnected from Mobile Access Management.
WPA/WPA2 Enterprise
The “Enterprise” Wi-Fi network isn’t a single standard, but rather a collection of several standards. This makes it unlikely that a unified interface can set up every network. Still, we tried to get Mobile Access Management to create a profile that connects to the most common Enterprise Wi-Fi configurations.
At this time we require a single username and password to be used across all your devices. Individualized credentials for each device are not yet supported.
The certificate is used by the device to ensure the WiFi network is not being spoofed. Usually, you can obtain this certificate from your own Mac or Windows PC.
Start by connecting your Mac or Windows PC to the Enterprise WiFi network. If this is the first time you are connecting, you may be asked to trust the network. That’s great, because your computer is really storing the certificate at that point.
On Mac, you may find the certificate in the Keychain Access app: Go to Finder > Applications > Utilities > Keychain Access. On the left side, click Certificates.
The correct certificate can, unfortunately, be named anything. Usually, the certificate has a name referencing the company or organization it protects. It may include part of your organization’s domain name.
Once identified, simply drag the certificate to your Mac’s desktop to export. Take this file (named .PEM or .CER) and upload it to Mobile Access Management.
After you test, you can easily replace the certificate with another. Just use the Cache tab in the main navigation menu and edit your Wi-Fi profile.