Product Documentation

WiFi device policies

Feb 13, 2015

You create new or edit existing WiFi device policies in XenMobile by using the Device Policies page of the XenMobile Console. WiFi policies let you manage how users connect their devices to WiFi networks by defining network names and types, authentication and security policies, whether to use proxy servers, and other WiFi-related details consistently for all users on device platforms you select.

You can configure WiFi settings for users for the following platforms: iOS, Android, Windows Phone 8.1, and Windows 8.1 tablet. Each platform requires a different set of values, which are described in detail in this article.

Important: Before you create a new policy, be sure you complete these steps:
  • Create any deployment groups you plan to use.
  • Know the network name and type.
  • Know any authentication or security types you plan to use.
  • Know any proxy server information you may need.
  • Install any necessary CA certificates.
  • Have any necessary shared keys.

To create a new WiFi device policy

  1. In the XenMobile console, click Configure > Device Policies. The Device Policies page appears.



  2. Click Add to add a new policy. The Add a New Policy dialog box appears. Click WiFi.



    The WiFi Policy page appears.



  3. In the Policy Information pane the following information:
    1. Policy Name: Type a descriptive name for the policy.
    2. Description: Type an optional description of the policy.
    3. Click Next
  4. Under Platforms, select the platform or platforms you want to add or modify. Clear those platforms for which you do not want to configure.

    If you selected iOS, configure these settings:


    iOS WiFi policy information page

    1. In the Network type list, click the network type you plan to use.
    2. If you clicked Standard or Legacy Hotspot, enter the following information:
      1. Network Name: Type the SSID that is seen in the device's list of available networks.
      2. Hidden network (enable if network is open or off): Select whether the network is hidden.
      3. Auto Join: Select whether the network is joined automatically.
    3. If you clicked Hotspot 2.0, enter the following information, which is listed after the Security type information:
      Note: These options apply only to iOS 7.0 and later.
      1. Displayed operator name: Type the operator name to display.
      2. Domain name: Type the domain name.
      3. Allow connecting to roaming partner networks: Select whether to allow devices to connect to roaming partner networks.
      4. Roaming Consortium Organization Identifiers (OI): Optionally, add Roaming Consortium OIs.
      5. Network Access Identifier (NAI) realm names: Optionally, add NAI realm names.
      6. Mobile Country Codes (MCCs) and Mobile Network Configurations (MNCs): Optionally, add MCCs and MNCs.
    4. Security type: In the list, click the type of security to use with the WiFi connection.
      • None
      • WEP
      • WPA/WPA2 Personal
      • Any (Personal)
      • WEP Enterprise
      • WPA/WPA2 Enterprise
      • Any (Enterprise)
      The following table lists the options to be configured for each of the preceding connection types. Each cell lists the default value for an option when a default exists; otherwise, the cell indicates whether the option is not applicable (–), required, or optional.
      None WEP WPA/WPA2 Personal Any (Personal) WEP Enterprise WPA/WPA2 Enterprise Any (Enterprise)
      Password Optional Optional Optional
      TLS OFF OFF OFF
      TTLS OFF OFF OFF
      LEAP OFF OFF OFF
      PEAP OFF OFF OFF
      EAP-FAST OFF OFF OFF
      EAP-SIM OFF OFF OFF
      Inner authentication (TTLS) MSCHAPv2 (when TTLS = On) MSCHAPv2 (when TTLS = On) MSCHAPv2 (when TTLS = On)
      Outer identity Optional (when PEAP, TTLS, or EAP-FAST = On) Optional (when PEAP, TTLS, or EAP-FAST = On) Optional (when PEAP, TTLS, or EAP-FAST = On)
      Use PAC OFF OFF OFF
      Provisioning PAC OFF (when Use PAC = On) OFF (when Use PAC = On) OFF (when Use PAC = On)
      Provisioning PAC anonymously OFF (when Provisioning PAC = On) OFF (when Provisioning PAC = On) OFF (when Provisioning PAC = ON)
      User name Optional Optional Optional
      Per-connection password OFF OFF OFF
      Password Optional Optional Optional
      Identity credential (Keystore or PKI credential) None None None
      Requires a TLS certificate OFF OFF OFF
      Trusted certificates Optional Optional Optional
      Trusted server certificate names Optional Optional Optional
      Allow trust exceptions ON ON ON
    5. Proxy configuration: In the list, select how the VPN connection routes through a proxy server and then configure any additional options.

      The following table lists the options available for Manual and Automatic; None does not require further configuration. Each cell lists the default value for an option when an option exists; otherwise, the cell indicates whether the option is not applicable (–), required, or optional.

      Manual Automatic
      Host name or IP address fro the proxy server Required
      Port for the proxy server Required
      User name Optional
      Password Optional
      Proxy server URL Required
      Allow direct connection if PAC is unreachable On (for iOS 7.0 and later)
    Policy Settings


    Policy removal settings

    1. Under Policy Settings, next to Remove policy, click either Select date or Duration until removal (in days).
    2. If you click Select date, click the calendar to select the specific date for removal.
    3. In the Allow user to remove policy list, click Always, Password required, or Never.
    4. If you click Password required, next to Removal password, type the necessary password.

    If you selected Android, configure these settings:


    WiFi for Android

    1. Network name: Type the SSID that is seen in the list of available networks on the user's device.
    2. Authentication: In the list, click the type of security to use with the WiFi connection.
      • Open
      • Shared
      • WPA
      • WPA-PSK
      • WPA2
      • WPA2-PSK
      • 802.1x EAP
      The following table lists the options to be configured for each of the preceding connection types. Each cell lists the default value for an option when a default exists; otherwise, the cell indicates whether the option is not applicable (–), required, or optional.
      Open Shared WPA WPA-PSK WPA2 WPA2-PSK 802.1 EAP
      Encryption WEP WEP TKIP TKIP TKIP TKIP
      Password Optional Optional Optional
      EAP type PEAP
      Authentication phase 2 None
      Identity Optional
      Anonymous Optional
      CA certificate Select
      Identity credential None
    3. Hidden network (Enable if network is open or off): Select whether the network is hidden.

    If you selected Windows Phone 8.1, configure these settings:


    Windows phone 8.1 WiFi policy information page

    1. Network name: Type the SSID that is seen in the list of available networks on the user's device.
    2. Authentication: In the list, click the type of security to use with the WiFi connection.
      • Open
      • WPA Personal
      • WPA-2 Personal
      • WPA-2 Enterprise
      The following table lists the options to be configured for each of the preceding connection types. Each cell lists the default value for an option when a default exists; otherwise, the cell indicates whether the option is not applicable (-), required, or optional.
      Open WPA Personal WPA-2 Personal WPA-2 Enterprise
      Encryption AES AES AES
      Shared key Optional Optional
    3. Connect if hidden: Select whether to connect when the network is hidden.
    4. Connect automatically: Select whether to connect to the network automatically.
    5. Host name or IP address: Type the name or IP address of a proxy server.
    6. Port: Type the port number for the proxy server.

    If you selected Windows 8.1 tablet, configure these settings:


    Windows 8.1 tablet WiFi policy information page

    1. Name: Type a name for the network.
    2. Network name: Type the SSID that is seen in the list of available networks on the user's device.
    3. Authentication: In the list, click the type of security to use with the WiFi connection.
      • Open
      • WPA Personal
      • WPA-2 Personal
      • WPA Enterprise
      • WPA-2 Enterprise
    4. Hidden network (Enable if network is open or off): Select whether the network is hidden.
    5. Connect automatically: Select whether to connect to the network automatically.
  5. After you finish configuring the settings for one or more platforms and then click Next, the Assignment page appears.
  6. Next to Choose delivery groups, type to find a delivery group or select a group or groups in the list to which you want to assign the policy. The groups you select appear in the right-hand Delivery groups to receive app assignment list.


    Policy assignment page

  7. Expand Deployment Schedule and then configure the following settings:
    1. Next to Deploy, click ON to schedule deployment or click OFF to prevent deployment. The default option is ON. If you choose OFF, no other options need to be configured.
    2. Next to Deployment schedule, click Now or Later. The default option is Now.
    3. If you click Later, click the calendar icon and then select the date and time for deployment.
    4. Next to Deployment condition, click On every connection or click Only when previous deployment has failed. The default option is On every connection.
    5. Next to Deploy for always-on connection, click ON or OFF. The default option is OFF.
      Note: This option applies when you have configured the scheduling background deployment key in Settings > Server Properties. The always-on option is not available for iOS devices.
    Note: The deployment schedule you configure is the same for all platforms. Any changes you make apply to all platforms, except for Deploy for always on connection, which does not apply to iOS.


    Deployment schedule

  8. Click Save to save the policy.