With a Wi-Fi profile, you can provide your users with Wi-Fi settings. Once assigned, your users can gain access to your organization's Wi-Fi without having to configure it themselves.
- First proceed as described here.
- Select Wi-Fi as the profile you want to add. The following dialog opens:
Make the following settings:
- Profile name: Enter any name for the profile here.
- Network name (SSID): Enter the network name or the device number (SSID) of your Wi-Fi here.
- Security: Cortado supports all common Wi-Fi security protocols. In any case, the use of the WPA3 protocol is recommended. When selecting the security protocol, please note the minimum required OS version of your devices.
- Password: Enter the Wi-Fi password here. Users will then no longer need to enter this password to access the Wi-Fi.
- Activate Auto join if the users should always be automatically connected to the Wi-Fi provided here after one-time authentication.
- Select Hidden network if you do not want your Wi-Fi to be displayed in the list of available Wi-Fi connections on the devices.
- Proxy: If you are using a proxy server, you can choose between:
- Manual: Enter the proxy host name and the corresponding port of your proxy server here. Also enter comma-separated web addresses that are allowed to bypass the proxy.
- Automatic: Under PAC URL, enter the URL of your PAC file so that web browsers automatically find your proxy server for the desired URL.
- Privacy: For devices with Android 13 or higher, you can specify here whether devices that want to connect to the Wi-Fi should use a random MAC address or the MAC address of the device.
- IP settings: For devices with Android 13 or higher, you can control the IP settings here. If you use static IP addresses in your company, you can select this setting here. Dynamic IP addresses (DHCP) are used by default.
- EAP method: The Extensible Authentication Protocol (EAP) is an authentication method that enables the use of different authentication methods for secure network access technologies. Depending on the security option, you can select one of the following EAP methods:
- PEAP (Protected Extensible Authentication Protocol): Securely transmits authenticated data, including legacy password-based protocols. PEAP only uses server-side certificates to authenticate WLAN clients.
- TTLS (Tunneled Transport Layer Security): Mutual authentication of client and network takes place via an encrypted channel. This security method only requires server-side certificates.
- TLS (Transport Layer Security): Relies on client and server-side certificates for authentication. The certificates must be managed on both sides, which can be time-consuming in a large WLAN installation.
- PWD (Password): Authentication method that uses a common password for authentication.
- Phase 2 authentication: Depending on the choice of EAP method, you can select one of the following protocols as the second phase:
- MS-CHAP v2 (Microsoft Challenge Handshake Authentication Protocol Version 2) is a password-based authentication protocol that is often used as an authentication method in PPTP-based (Point to Point Tunneling Protocol) VPNs.
- MS-CHAP previous version of MS-CHAP V2
- PAP (Password Authentication Protocol): With this protocol, the login data is transmitted in "plain text", i.e. it is not encrypted and can be easily decrypted.
- GTC (Generic Token Card): This method is based on a text sent by an authentication server, which must be sent back processed by a security token. The entire transmission is not encrypted.
- CA certificate/User certificate: The security certificates for your WLAN are stored here. Depending on the choice of EAP method, server and, if applicable, user certificates can be stored here. A corresponding profile must first be set up for your certificate(s). Create such a profile first (see SCEP profile or certificate profile). The required certificate will then appear here as a selection option.
- Identity: Enter the text (any value) to be sent in response to an EAP identity request.
- Anonymous identity: Enter the anonymous identity (any value) here. During authentication, this anonymous identity is sent first and then the real identity is sent via a secure tunnel.
You can now distribute the newly created profile to users/groups/devices. Please note that Wi-Fi must be active on the device for this.
- To do this, select the relevant profile in the left-hand column of the administration portal and click on Assign.
- Now select the users, groups or devices to which you want to assign this profile.
Note! You can also assign the profile under Administration→ Users or Groups.