Enable User Wi-Fi Profile

Path

Computer Configuration > Policies > Centrify Settings > Mac OS X Settings > 802.1X Wireless Settings > Enable User Wi-Fi Profile

Description

Enable this policy to create an 802.1X Wi-Fi profile for wireless network authentication for a user.

Note: This group policy supports only macOS 10.15 and lower.

This policy supports the TLS protocol for certificate-based authentication for users.

By default, the auto-enrolled user certificates are pushed down to ~/.centrify/autouser_(name).{cert.key.chain}. Certificates are also imported into each user’s login keychain.

The resulting profile is signed using the first available auto-enrolled machine certificate; these certificates are stored under /var/centrify/net/certs/auto_(name).{cert.key.chain}. If an auto-enrolled machine certificate is not available, the profile will be unsigned.
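As an added example (not Centrify's own tooling), the following shell functions check whether a machine certificate is available for signing and list private key files that are readable by group or others. It assumes "{cert.key.chain}" means three files per name ending in .cert, .key and .chain, and that signing needs the matching .key file; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check of the auto-enrolled certificate files.
# Assumption: each certificate name has three files: <name>.cert, <name>.key
# and <name>.chain. Function names are illustrative only.

# Print "signed:<name>" for the first machine certificate that has a
# matching key file, or "unsigned" when no complete pair exists.
signing_status() {
    dir=$1
    for cert in "$dir"/auto_*.cert; do
        [ -f "$cert" ] || continue        # glob matched nothing
        base=${cert%.cert}
        if [ -f "$base.key" ]; then       # assumption: signing needs the key
            echo "signed:${base##*/auto_}"
            return 0
        fi
    done
    echo "unsigned"
}

# List key files in a directory that group or others can read.
# prefix is "auto" for machine keys or "autouser" for user keys.
exposed_keys() {
    dir=$1
    prefix=$2
    find "$dir" -maxdepth 1 -type f -name "${prefix}_*.key" \
        \( -perm -040 -o -perm -004 \) -print | sort
}

# Run against the paths named on this page when they exist (macOS host).
machine_dir=/var/centrify/net/certs
if [ -d "$machine_dir" ]; then
    echo "profile: $(signing_status "$machine_dir")"
    exposed_keys "$machine_dir" auto
fi
if [ -d "${HOME:-/nonexistent}/.centrify" ]; then
    exposed_keys "$HOME/.centrify" autouser
fi
```

Run it as root to inspect the machine certificate directory; any path printed by `exposed_keys` is a private key whose permissions should be tightened.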

Before you can enable this policy, you must have a Windows server configured for 802.1X wireless authentication. The configuration includes certificate templates that are configured for auto-enrollment of domain computers and automatically downloaded to Mac computers when they join the domain. See Configuring 802.1X wireless authentication for details about what you must configure before enabling the current policy.

After enabling this policy, set the following:

  • SSID: Type the SSID for the wireless network.
  • Security Type: Select the security type from the drop-down list.
  • Other options: Select one or more of the following options:
    • Auto join: Select this option to have the computer automatically join a Wi-Fi network that it recognizes. Leave this option unselected to require the logged-in user to join the Wi-Fi network manually.
    • Hidden network: Select this option if the Wi-Fi network does not broadcast its SSID.
    • Proxy PAC URL: The URL of the PAC file that defines the proxy configuration. You can enter any string without spaces.
    • Proxy PAC Fallback: Allows the device to connect directly to the destination if the PAC file is unreachable. This option is disabled by default.

Users must perform these steps after login to authenticate to the network as the user:

  1. Select System Preferences > Network > Wi-Fi.
  2. If there are any pre-existing 802.1X connections, click Disconnect to disconnect the pre-existing connections. For example, if a machine 802.1X Ethernet policy has been set, the computer will already be authenticated using the machine credential.
  3. Click Connect. This action prompts the user with a list of available user identities in certificate-key pair format.
  4. Choose the appropriate auto-enrolled user identity (a certificate-key pair).