
Extensible Authentication Protocol (EAP) device management settings for Apple devices
You can configure the various EAP protocols for Apple devices that enrol in a device management service. Device management services can support the following 802.1X authentication methods for WPA Enterprise and WPA2 Enterprise networks. You can select multiple EAP methods.
- TLS 
- TTLS (MSCHAPv2) 
- EAP-FAST 
- EAP-SIM 
- PEAP (EAP-MSCHAPv2, the most common form of PEAP) 
- PEAP (EAP-GTC, less common and created by Cisco) 
- EAP-AKA (requires no additional configuration) 
The tables that follow describe the settings for each EAP method.
TLS
| Setting | Description | Required |
|---|---|---|
| Account username | The user’s name. | Yes |
| Identity certificate | The Certificates payload used to authorise connections to the network. | Yes |
| TLS version support | Select the minimum and maximum TLS versions: | No |
TTLS
| Setting | Description | Required |
|---|---|---|
| Account username | The username for the connection to the network. | Yes |
| Account password | The password associated with the username. | Yes |
| Identity certificate | The certificate payload used to authorise connections to the network. | Yes |
| Two Factor Authentication (2FA) | Requires Two Factor Authentication to connect to the network. | No |
| Use directory authentication | Select to allow the credentials for the directory login to be used for authentication. | No |
| Inner authentication | The authentication protocol to be used: | Yes |
| Outer identity | Add the externally visible identification. | No |
| TLS version support | Select the minimum and maximum TLS versions: | No |
EAP-FAST
| Setting | Description | Required |
|---|---|---|
| Account username | The username for the connection to the network. | Yes |
| Account password | The password associated with the username. | Yes |
| Identity certificate | The Certificates payload used to authorise connections to the network. | Yes |
| Two Factor Authentication (2FA) | Requires Two Factor Authentication to connect to the network. | No |
| Use directory authentication | Select to allow the credentials for the directory login to be used for authentication. | No |
| Outer identity | Add the externally visible identification. | No |
| TLS version support | Select the minimum and maximum TLS versions: | No |
| Protected Access Credential (PAC) support | Specify whether to use PAC. If selected, the other options are: | No |
EAP-SIM
| Setting | Description | Required |
|---|---|---|
| Two RANDs | Select to allow authentication to the network server by providing only two 128-bit random values. | No |
PEAP
| Setting | Description | Required |
|---|---|---|
| Account username | The username for the connection to the network. | Yes |
| Account password | The password associated with the username. | Yes |
| Identity certificate | The Certificates payload used to authorise connections to the network. | Yes |
| Two Factor Authentication (2FA) | Requires Two Factor Authentication to connect to the network. | No |
| Use directory authentication | Select to allow the credentials for the directory login to be used for authentication. | No |
| Outer identity | Add the externally visible identification. | No |
| TLS version support | Select the minimum and maximum TLS versions: | No |
Note: Each device management service developer implements these settings differently. To learn how various TLS, TTLS, EAP-FAST, EAP-SIM and PEAP protocol settings are applied to your devices, consult your developer’s device management service documentation.
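
Because each service exposes these settings differently, it can help to review the profile that is actually delivered to devices. The following is an added example, not Apple's or any device management service's code: it reads the Wi-Fi payloads of a configuration profile and reports the EAP methods, TLS minimum version, outer identity and Two RANDs settings described in the tables above. The key names (`PayloadType` `com.apple.wifi.managed`, `SSID_STR`, `EAPClientConfiguration`, `AcceptEAPTypes`, `TLSMinimumVersion`, `OuterIdentity`, `EAPSIMNumberOfRANDs`) are those of Apple's Wi-Fi configuration profile payload and do not appear on this page; the TLS 1.2 threshold is an assumption and the sample profile is constructed.

```python
import plistlib

# IANA EAP method numbers for the methods this page lists.
EAP_TYPES = {13: "TLS", 18: "EAP-SIM", 21: "TTLS", 23: "EAP-AKA",
             25: "PEAP", 43: "EAP-FAST"}
TLS_BASED = {13, 21, 25, 43}   # methods where "TLS version support" applies
TUNNELLED = {21, 25, 43}       # methods where "Outer identity" applies

def audit_eap(profile_bytes):
    """Return [(ssid, methods, findings)] for each Wi-Fi payload in a profile."""
    results = []
    for payload in plistlib.loads(profile_bytes).get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.wifi.managed":
            continue
        eap = payload.get("EAPClientConfiguration", {})
        types = set(eap.get("AcceptEAPTypes", []))
        methods = [EAP_TYPES.get(t, f"unknown({t})") for t in sorted(types)]
        findings = []
        tls_min = eap.get("TLSMinimumVersion")
        if types & TLS_BASED:
            if tls_min is None:
                findings.append("TLS minimum version not set")
            elif tuple(map(int, tls_min.split("."))) < (1, 2):  # assumed threshold
                findings.append(f"TLS minimum version {tls_min} is below 1.2")
        if types & TUNNELLED and not eap.get("OuterIdentity"):
            findings.append("no outer identity: the account username "
                            "is the externally visible identity")
        if 18 in types and eap.get("EAPSIMNumberOfRANDs") == 2:
            findings.append("EAP-SIM accepts only two RANDs")
        results.append((payload.get("SSID_STR"), methods, findings))
    return results

# Constructed sample profile (not from a real deployment).
SAMPLE = plistlib.dumps({"PayloadContent": [
    {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "corp-legacy",
     "EAPClientConfiguration": {"AcceptEAPTypes": [25, 18],
                                "TLSMinimumVersion": "1.0",
                                "EAPSIMNumberOfRANDs": 2}},
    {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "corp-tls",
     "EAPClientConfiguration": {"AcceptEAPTypes": [13],
                                "TLSMinimumVersion": "1.2"}},
]})

if __name__ == "__main__":
    for ssid, methods, findings in audit_eap(SAMPLE):
        print(ssid, methods, findings or "no findings")
```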