David Williams Technical


Endpoint Management & Deployment – MDM Management – Scripting – Cyber Security Engineering – Application Configuration & Deployment

Deploy Wi-Fi Configuration in Jamf (Enterprise)

This document outlines how to deploy an internal enterprise network configuration that is predicated on network authentication. For this document I will refer to My_WiFi.

This process relies on acquiring the certificates. They need to be in a .cer format. I will refer to these as Certificate1 and Certificate2.

Note: If you authenticate WiFi connections using Active Directory you will need to add the mac into the correct container prior to deploying the WiFi configuration.

Firstly, ensure that the mac has an ethernet connection and log on as an administrator.

In Jamf, go to Configuration Profiles > New

In General:

  • Set Name – Set WiFi
  • Category – Utilities
  • Level – Computer Level
  • Distribution – Install Automatically

Select Certificate

Select the + symbol and provide a Certificate Name

On Select Certificate Option select: Upload

Upload the Certificate

You must ensure that Allow all apps access and Allow export from keychain are selected. You don’t need to provide a password.

Select Network 

  • Network Interface – WiFi
  • SSID – My_WiFi
  • Select: Hidden Network and Auto Join
  • Security: Any (Enterprise)

Note: Do not use: Use as a Login Window configuration as the mac constantly tries to prompt for network credentials as authentication.

In the Protocols tab select: PEAP and Use Directory Authentication

In the Trust tab select: Certificate1 certificate (Leave Certificate2 added but not selected) 

This completes the basic process for creating and configuring a hidden Wi-Fi network that uses network credentials to authenticate. 

Before you can start the service the mac confirm that the mac is in the correct container in Active Directory.

Once this has been done, add a test Mac or Group into the scope and save the Configuration Profile. On the test mac go to the System Preferences > Network. The new network (My_WiFi) will appear. After a few seconds it should start or you can select Connect to start the service. Once connection is established you can remove the ethernet cable.

Once the connection is stable and you have tested connectivity by accessing web pages, reboot the mac. At the login screen test logging in with network credentials. If this is successful the process is completed.

If the process has not worked successfully, reinsert the ethernet cable, remove it from the scope so the Configuration Profile is removed. Make any adjustments then re-add the test mac back into the scope then redo the final stages of the process and test logging on again.

Note: If other networks are taking precedence go into System Preferences > Network > WiFi > Advanced and move My_WiFi to the top of the list.

David Williams

, ,