Enable Machine Wi-Fi Profile


Computer Configuration > Policies > Centrify Settings > Mac OS X Settings > 802.1X Wireless Settings > Enable Machine Wi-Fi Profile


Enable this policy to create an 802.1X Wi-Fi profile for wireless network authentication for a computer.

Note: This group policy only supports macOS 10.15 and lower.

This policy supports WEP or WPA/WPA2 security with the TLS protocol for certificate-based authentication for computers.

Before you can enable this policy, you must have a Windows server configured for 802.1X wireless authentication. The configuration includes certificate templates that are configured for auto-enrollment of domain computers and automatically downloaded to Mac computers when they join the domain. See Configuring 802.1X wireless authentication for details about what you must configure before enabling the current policy.

After enabling this policy, set the following:

  • SSID: Type the SSID for the wireless network.
  • Template Name: Type the name of the auto-enrollment machine certificate that has been pushed down from the Windows domain server.

    When pushed to a Mac computer, certificate names are prepended with auto_; for example:

    This group policy runs a script that looks for the specified certificate template in the /var/centrify/net/certs directory (which contains the certificate templates downloaded from the domain controller) and creates a Wi-Fi profile from this certificate.

  • Security Type: Select the security type from the drop-down list.
  • Other options: Select one or more of the following options:

    • Auto join: Select this option to have the computer automatically join a Wi-Fi network that it recognizes. Leave this option unselected to require the logged-in user to join a Wi-Fi network manually.
    • Hidden network: Select this option if the Wi-Fi network does not broadcast its SSID.

    • Proxy PAC URL: The URL of the PAC file that defines the proxy configuration. You can enter any string without spaces.

    • Proxy PAC Fallback: Allows the device to connect directly to the destination if the PAC file is unreachable. This option is disabled by default.

Once enabled, this policy takes effect dynamically at the next group policy refresh interval.