iOS and macOS: Wi-Fi profile settings
iOS
and macOS
: Wi-Fi
profile settingsSettings for
iOS
also apply to iPadOS
devices.macOS
applies profiles to either user accounts or devices. You can configure a Wi-Fi
profile to apply to one or the other.iOS and : macOS Wi-Fi profile setting | Description |
---|---|
Apply profile to | This setting specifies whether the Wi-Fi profile on a macOS device is applied to the user account or the device.Possible values:
This setting is valid only for macOS . |
Automatically join network | This setting specifies whether a device can automatically join the Wi-Fi network. |
Disable MAC randomization | This setting specifies whether devices can randomize their MAC addresses when they join the Wi-Fi network. This setting applies only to devices that are running iOS and iPadOS 14 and later. |
Associated proxy profile | This setting specifies the associated proxy profile that a device uses to connect to a proxy server when the device is connected to the Wi-Fi network. |
Network type | This setting specifies a configuration for the Wi-Fi network.Hotspot configurations apply only to iOS , iPadOS , and macOS devices. If you select one of the hotspot options, do not use the same Wi-Fi profile to configure settings for other device types.Possible values:
The default value is "Standard." |
Displayed operator name | This setting specifies the friendly name of the hotspot operator. This setting is valid only if the "Network type" setting is set to "Hotspot 2.0." |
Domain name | This setting specifies the domain name of the hotspot operator. This setting is valid only if the "Network type" setting is set to "Hotspot 2.0." The "SSID" setting is not required when you use this setting. |
Roaming consortium OIs | This setting specifies the organization identifiers of roaming consortiums and service providers that are accessible through the hotspot. This setting is valid only if the "Network type" setting is set to "Hotspot 2.0." |
NAI realm names | This setting specifies the NAI realm names that can authenticate a device. This setting is valid only if the "Network type" setting is set to "Hotspot 2.0." |
MCC/MNCs | This setting specifies the MCC/MNC combinations that identify mobile network operators. Each value must contain exactly six digits. This setting is valid only if the "Network type" setting is set to "Hotspot 2.0." |
Allow connecting to roaming partner networks | This setting specifies whether a device can connect to roaming partners for the hotspot. This setting is valid only if the "Network type" setting is set to "Hotspot 2.0." |
Security type | This setting specifies the type of security that the Wi-Fi network uses.If the "Network type" setting is set to "Hotspot 2.0," this setting is set to " WPA2-Enterprise ."Possible values:
The default value is "None." |
WEP key | This setting specifies the WEP key for the Wi-Fi network. The WEP key must be 10 or 26 hexadecimal characters (0-9, A-F) or 5 or 13 alphanumeric characters (0-9, A-Z).Examples of hexadecimal key values are ABCDEF0123 or ABCDEF0123456789ABCDEF0123. Examples of alphanumeric key values are abCD5 or abCDefGHijKL1. This setting is valid only if the "Security type" setting is set to "WEP personal." |
Preshared key | This setting specifies the preshared key for the Wi-Fi network.This setting is valid only if the "Security type" setting is set to " WPA-Personal ," "WPA2-Personal " or "WPA3-Personal." |
Protocols | |
Authentication protocol | This setting specifies the EAP methods that the Wi-Fi network supports. You can select multiple EAP methods.This setting is valid only if the "Security type" setting is set to "WEP enterprise," " WPA-Enterprise ," "WPA2-Enterprise " or "WPA3-Enterprise."Possible selections:
|
Inner authentication | This setting specifies the inner authentication method for use with TTLS. This setting is valid only if the "Authentication protocol" setting is set to "TTLS." Possible values:
The default value is "MS-CHAPv2." |
Use PAC | This setting specifies whether the EAP-FAST method uses a Protected Access Credential. This setting is valid only if the "Authentication protocol" setting is set to "EAP-FAST." |
Provision PAC | This setting specifies whether the EAP-FAST method allows PAC provisioning. This setting is valid only if the "Authentication protocol" setting is set to "EAP-FAST" and the "Use PAC" setting is selected. |
Provision PAC anonymously | This setting specifies whether the EAP-FAST method allows anonymous PAC provisioning. This setting is valid only if the "Authentication protocol" setting is set to "EAP-FAST," the "Use PAC" setting is selected, and the "Provision PAC" setting is selected. |
Authentication | |
Outer identity for TTLS, PEAP, and EAP-FAST | This setting specifies the outer identity for a user that is sent in clear text. You can specify an anonymous username to hide the user's real identity (for example, anonymous). The encrypted tunnel is used to send the real username to authenticate with the Wi-Fi network. If the outer identity includes the realm name to route the request, it must be the user's actual realm (for example, anonymous@example.com).This setting is valid only if the "Authentication protocol" setting is set to "TTLS," "PEAP," or "EAP-FAST." |
Use password included in Wi-Fi profile | This setting specifies whether the Wi-Fi profile includes the password for authentication.This setting is valid only if the "Security type" setting is set to "WEP enterprise," " WPA-Enterprise ," "WPA2-Enterprise " or "WPA3-Enterprise." |
Password | This setting specifies the password that a device uses to authenticate with the Wi-Fi network.This setting is valid only if the "Use password included in Wi-Fi profile" setting is selected. |
Username | This setting specifies the username that a device uses to authenticate with the Wi-Fi network. If the profile is for multiple users, you can specify the %UserName% variable.This setting is valid only if the "Security type" setting is set to "WEP enterprise," " WPA-Enterprise ," "WPA2-Enterprise " or "WPA3-Enterprise." |
Authentication type | This setting specifies the type of authentication that a device uses to connect to the Wi-Fi network.This setting is valid only if the "Security type" setting is set to "WEP enterprise," " WPA-Enterprise ," "WPA2-Enterprise " or "WPA3-Enterprise."Possible values:
The default value is "None." |
Type of certificate linking | This setting specifies the type of linking for the client certificate associated with the Wi-Fi profile.This setting is valid only if the "Authentication type" setting is set to "Shared certificate." Possible values:
The default value is "Single reference." |
Shared certificate profile | This setting specifies the shared certificate profile with the client certificate that a device uses to authenticate with the Wi-Fi network.This setting is valid only if the "Type of certificate linking" setting is set to "Single reference." |
Client certificate name | This setting specifies the name of the client certificate that a device uses to authenticate with the Wi-Fi network.This setting is valid only if the "Type of certificate linking" setting is set to "Variable injection." |
Associated SCEP profile | This setting specifies the associated SCEP profile that a device uses to obtain a client certificate to authenticate with the Wi-Fi network.This setting is valid only if the "Authentication type" setting is set to "SCEP." |
Associated user credential profile | This setting specifies the associated user credential profile that a device uses to obtain a client certificate to authenticate with the Wi-Fi network.This setting is valid only if the "Authentication type" setting is set to "User credential." |
Trust | |
Certificate common names expected from authentication server | This setting specifies the common names in the certificate that the authentication server sends to the device (for example, *.example.com). This setting is valid only if the "Security type" setting is set to "WEP enterprise," " WPA-Enterprise ," "WPA2-Enterprise " or "WPA3-Enterprise." |
Type of certificate linking | This setting specifies the type of linking for the trusted certificates associated with the Wi-Fi profile.This setting is valid only if the "Security type" setting is set to "WEP enterprise," " WPA-Enterprise ," "WPA2-Enterprise " or "WPA3-Enterprise."Possible values:
The default value is "Single reference." |
CA certificate profiles | This setting specifies the CA certificate profiles with the trusted certificates that a device uses to establish trust with the Wi-Fi network.This setting is valid only if the "Type of certificate linking" setting is set to "Single reference." |
Trusted certificate names | This setting specifies the names of the trusted certificates that a device uses to establish trust with the Wi-Fi network.This setting is valid only if the "Type of certificate linking" setting is set to "Variable injection." |
Trust user decisions | This setting specifies whether a device prompts the user to trust a server when the chain of trust can't be established. If this setting is not selected, only connections to trusted servers that you specify are allowed. This setting is valid only if the "Security type" setting is set to "WEP enterprise," " WPA-Enterprise ," "WPA2-Enterprise " or "WPA3-Enterprise." |
Bypass captive network | This setting specifies whether devices can bypass captive networks. |
Enable QoS marking | This setting specifies whether you can enable L2 and L3 marking for traffic sent through the Wi-Fi network. |
Use QoS for FaceTime calls | This setting specifies whether audio and video traffic for FaceTime calls can use L2 and L3 marking. |
Use only L2 marking for QoS traffic | This setting specifies whether traffic sent through the Wi-Fi network uses only L2 marking. |
Apply QoS marking to selected apps | This setting specifies the bundle IDs for apps that can use L2 and L3 marking. |