Kandji EAP-TTLS setup
This guide walks you through the process of setting up EAP-TTLS (Extensible Authentication Protocol - Tunneled Transport Layer Security) on Kandji MDM with Foxpass. It details the configuration steps required to integrate EAP-TTLS with Kandji, ensuring a secure and streamlined authentication process for your networked devices.
Configure Wi-Fi profile in Kandji
Follow the steps below in Kandji MDM:
- Go to the library.
- Click 'Add New'
Click 'Add new' button
- Search for Wi-Fi in the search box.
- Click on Wi-Fi under Profiles.
- Click 'Add and Configure'
Add Wi-Fi profile
Add and configure Wi-Fi profile
Make settings as below. Anything not mentioned, leave as the default.
- Give a name to your profile. For e.g. <Foxpass Wi-Fi profile>
- Install on: MAC
- Assign it to the proper blueprint.
Configure Wi-Fi profile
- Service Set Identifier: <YOUR SSID> Note: This must match your network's SSID name exactly including capital letters. SSID 'Foxpass EAP-TTLS' in the screenshot is just an example.
- Authentication Type: WPA2 Enterprise
- Check 'Use as a Login Window configuration'.
- Accepted EAP Types: TTLS
- Authentication: Username and password
- Inner authentication: PAP
- Certificate trust: Select 'Specify server certificate names' and add *.foxpass.com in the textbox. Save your profile.
Enroll your device
Enroll your device to Kandji if not enrolled already. The enrollment URL is your Kandji URL followed by /enroll. Follow the on-screen instructions and install the profile on your MAC. Once the profile is installed, you will be connected to your configured SSID. You can see the status of your profile in Kandji by clicking your device and then clicking dropdown of your Wi-Fi profile.
Sample status of EAP-TTLS profile
You can check successful/unsuccessful logs on the RADIUS logs page.
RADIUS logs
Updated 6 months ago