The Kandji Team

Expanded Support for Enterprise Authentication in Wi-Fi Library Item

AUTHOR: The Kandji Team

 ㅤ   Kandji has updated and expanded our Wi-Fi library item to better support enterprise networking by making it simpler to configure enterprise authentication protocols.  More specifically, the Wi-Fi library item now allows you to configure seven flavors of the 802.1X Extensible Authentication Protocol (EAP): TLS, TTLS, LEAP, PEAP, EAP-FAST, EAP-SIM, and EAP-AKA.

New Wi-Fi dropdown_edit.jpg

Because a single network can support multiple authentication types, you can select more than one EAP type in a single library item. Each of these authentication methods has its own configuration settings. So, for example, if you select TTLS (which uses a TLS tunnel to encrypt another authentication protocol), you then specify an outer authentication protocol (username and password or via directory) and an inner one (CHAP, EAP, MSCHAP, MSCHAPv2, or PAP), as well as minimum and maximum versions of TLS that you want to require.

Wi-Fi SCEP_edit.jpg

Some of these authentication methods require the use of certificates to prove the device’s identity. We’ve added the option to obtain such certificates from a SCEP (Simple Certificate Enrollment Protocol) server; when you select SCEP from the Identity certificate drop-down in the Wi-Fi library item, a drawer slides out where you can provide all of your SCEP specifics (URL of the SCEP server, fingerprint of the Certificate Authority certificate, key size and usage, and so on). For details on that and more, see our support article).