
Extensible Authentication Protocol (EAP) MDM settings for Apple devices
You can configure the various EAP protocols for Apple devices enrolled in a mobile device management (MDM) solution. MDM solutions can support the following 802.1X authentication methods for WPA Enterprise and WPA2 Enterprise networks (you can select multiple EAP methods):
TLS
TTLS (MSCHAPv2)
EAP-FAST
EAP-SIM
PEAP (EAP-MSCHAPv2, the most common form of PEAP)
PEAP (EAP-GTC, less common and created by Cisco)
EAP-AKA (requires no additional configuration)

TLS
Setting | Description | Required |
---|---|---|
Account user name | The user’s name. | Yes |
Identity certificate | The Certificates payload used to authorize connections to the network. | Yes |
TLS version support | Select the minimum and maximum TLS versions: | No |

TTLS
Setting | Description | Required |
---|---|---|
Account user name | The user name for the connection to the network. | Yes |
Account password | The password associated with the user name. | Yes |
Identity certificate | The Certificates payload used to authorize connections to the network. | Yes |
Two Factor Authentication (2FA) | Requires Two Factor Authentication to connect to the network. | No |
Use directory authentication | Select to allow the credentials for the directory login to be used for authentication. | No |
Inner authentication | The authentication protocol to be used: | Yes |
Outer identity | Add the externally visible identification. | No |
TLS version support | Select the minimum and maximum TLS versions: | No |

EAP-FAST
Setting | Description | Required |
---|---|---|
Account user name | The user name for the connection to the network. | Yes |
Account password | The password associated with the user name. | Yes |
Identity certificate | The Certificates payload used to authorize connections to the network. | Yes |
Two Factor Authentication (2FA) | Requires Two Factor Authentication to connect to the network. | No |
Use directory authentication | Select to allow the credentials for the directory login to be used for authentication. | No |
Outer identity | Add the externally visible identification. | No |
TLS version support | Select the minimum and maximum TLS versions: | No |
Protected Access Credential (PAC) support | Specify whether to use PAC. If selected, the other options are: | No |

EAP-SIM
Setting | Description | Required |
---|---|---|
Two RANDs | Select to allow authentication to the network server by providing only two 128-bit random values. | No |

PEAP
Setting | Description | Required |
---|---|---|
Account user name | The user name for the connection to the network. | Yes |
Account password | The password associated with the user name. | Yes |
Identity certificate | The Certificates payload used to authorize connections to the network. | Yes |
Two Factor Authentication (2FA) | Requires Two Factor Authentication to connect to the network. | No |
Use directory authentication | Select to allow the credentials for the directory login to be used for authentication. | No |
Outer identity | Add the externally visible identification. | No |
TLS version support | Select the minimum and maximum TLS versions: | No |
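
To review these settings before a profile is deployed, the following added example (not Apple's code and not part of the original page) audits the EAP section of a Wi-Fi payload for a weak TLS floor, a missing outer identity, unset TTLS inner authentication and two-RAND EAP-SIM. Assumptions: the key names are those of the Wi-Fi payload's `EAPClientConfiguration` dictionary, which this page does not show; the TLS 1.2 floor is an example policy; the sample payload is constructed.

```python
import plistlib

# EAP method numbers as they appear in the AcceptEAPTypes array.
EAP_TYPES = {13: "TLS", 18: "EAP-SIM", 21: "TTLS", 23: "EAP-AKA", 25: "PEAP", 43: "EAP-FAST"}
TUNNELED = {21, 25, 43}  # methods that have an outer identity

# Constructed sample payload, not taken from a real deployment.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>com.apple.wifi.managed</string>
  <key>SSID_STR</key><string>ExampleCorp</string>
  <key>EncryptionType</key><string>WPA2</string>
  <key>EAPClientConfiguration</key><dict>
    <key>AcceptEAPTypes</key><array><integer>25</integer><integer>18</integer></array>
    <key>UserName</key><string>jappleseed</string>
    <key>TLSMinimumVersion</key><string>1.0</string>
    <key>TLSMaximumVersion</key><string>1.2</string>
    <key>EAPSIMNumberOfRANDs</key><integer>2</integer>
  </dict>
</dict></plist>"""

def _ver(s):
    """Turn a version string such as "1.2" into a comparable tuple."""
    return tuple(int(p) for p in s.split("."))

def audit_eap(payload_bytes, floor="1.2"):
    """Return a list of findings for one Wi-Fi payload's EAP settings."""
    eap = plistlib.loads(payload_bytes).get("EAPClientConfiguration", {})
    types = set(eap.get("AcceptEAPTypes", []))
    findings = [f"unknown EAP type {t}" for t in sorted(types - set(EAP_TYPES))]
    uses_tls = types & (TUNNELED | {13})
    # Assumption: an unset minimum is treated as 1.0.
    tls_min = eap.get("TLSMinimumVersion", "1.0")
    if uses_tls and _ver(tls_min) < _ver(floor):
        findings.append(f"TLS minimum {tls_min} is below {floor}")
    if uses_tls and "TLSMaximumVersion" in eap and _ver(eap["TLSMaximumVersion"]) < _ver(tls_min):
        findings.append("TLS maximum is below TLS minimum")
    if types & TUNNELED and not eap.get("OuterIdentity"):
        findings.append("no outer identity: the real user name is visible outside the tunnel")
    if 21 in types and "TTLSInnerAuthentication" not in eap:
        findings.append("TTLS accepted but inner authentication not set")
    if 18 in types and eap.get("EAPSIMNumberOfRANDs") == 2:
        findings.append("EAP-SIM accepts two RANDs")
    return findings

if __name__ == "__main__":
    for finding in audit_eap(SAMPLE):
        print(finding)
```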