Configure Wi-Fi settings for iOS devices

Use LogMeIn Resolve MDM's configuration profiles to add specific Wi-Fi settings to your iOS devices.

Use configuration profiles to store certain Wi-Fi settings and deploy them to multiple iOS devices.

Important: If you want to limit access only to the Wi-Fi networks set up via this configuration profile, use the restriction designed for this purpose. You can configure the restriction by navigating to Configuration profiles > iOS > Restrictions and choosing Force Wi-Fi allowlisting on the Security and privacy tab.

Navigate to Management > Configuration profiles and select Add.
Select iOS, then select Next.
Select Wi-Fi, then select Next.
Define the configuration for the profile.
The following settings are available on each tab of the dialog:
- Wi-Fi network: SSID, network visibility, auto-joining, and security mode
- Wi-Fi proxy: proxy server settings for the Wi-Fi network
- EAP settings: accepted EAP types, trusted certificate, and trusted certificate names for WPA/WPA2 Enterprise Wi-Fi networks
  Note: EAP settings are only visible if the WPA/WPA2 (Enterprise) security mode is selected on the Wi-Fi network tab.
Enter a name and description for the configuration profile, and select Create to finish the configuration.
Deploy the configuration profile to the managed iOS devices as described in Deploying a configuration profile.

Defining the configuration

Wi-Fi network

Setting	Description
SSID	The name of the Wi-Fi network. This field cannot be empty.
Hidden network	Defines whether the network is hidden.
Auto join	Defines whether devices can automatically join the network.
Security mode	The security protocol used for the network. The following options are available: None: the network does not use any security protocol. WEP: the network uses the WEP security protocol. WPA/WPA2: the network uses the WPA or WPA2 security protocol for personal networks. Note: With this option, devices running iOS 16 or later can join WPA2-Personal or WPA3-Personal networks, but not WPA-Personal networks. To allow these devices to join a WPA-Personal network, use the Any (Personal) option. Devices running a lower iOS version than iOS 16 can join WPA, WPA2, and WPA3 personal networks. Any (Personal): devices can connect to personal networks using any security protocol. WPA/WPA2 Enterprise: the network uses the WPA- or WPA2-Enterprise security protocol. WPA3: the network uses the WPA3-Personal security protocol. Note: If the security mode is set to WPA3, but the network uses a WPA2 security protocol, devices cannot automatically join the network. In such cases, you can manually connect the device through its settings. For password-protected networks, use the Password field in the configuration profile wizard to apply the password to the device. This allows the device to automatically populate the password and establish a connection when the Wi-Fi network is selected in its settings. However, if the configuration profile does not include the password or the password deployed with the configuration profile is incorrect, the device owner needs to manually enter it to connect to the network. WPA3 is supported on iPhone 7 and later models, and iPad 5th generation and later models.
Password	The password used for joining the network. This option is only visible for the following security modes: WEP WPA/WPA2 Any (Personal) WPA3

Wi-Fi proxy

On the Wi-Fi proxy tab, define the network's proxy settings. Select one of the following options from the Proxy drop-down menu:

None: the connection does not use a proxy.
Manual: proxy settings are manually defined in the configuration profile.
Automatic: the network uses a proxy server.

Depending on the selected proxy setting, the following settings become available:

**Manual proxy settings**
Setting	Description
Server host name	The fully qualified address of the proxy server.
Port	The port of the proxy server.
Use user-specific proxy account settings	Enabling this setting allows the use of account settings for the specific user(s) the configuration is deployed for. If enabled, the proxy account must be selected from the Proxy account drop-down menu. If you do not enable this setting, the same account name and password are used for all devices that the configuration profile is deployed to, as defined in the Username and Password settings.
Proxy account	This setting is available if the Use user-specific proxy account settings option is checked. Select the user whose proxy server connection settings will be deployed to the device. Settings for the account must be configured for each user for whom the configuration profile will be deployed. Note: To add proxy settings to an existing user entry in LogMeIn Resolve MDM, open the specific user page available under Company > Users, then edit the proxy settings on the Proxy accounts tab.
Username	This setting is available if the Use user-specific proxy account settings option is unchecked. The username that must be used to connect to the proxy server. The same username is used on all devices to which the configuration profile is deployed.
Password	This setting is available if the Use user-specific proxy account settings option is unchecked. The password that must be used to connect to the proxy server. The same password is used on all devices to which the configuration profile is deployed.

**Automatic proxy settings**
Setting	Description
Proxy server URL	The URL of the proxy server from which to fetch the proxy settings.

Creating a WPA/WPA2 Enterprise Wi-Fi network configuration

If WPA/WPA 2 (Enterprise) is selected as the security mode on the Wi-Fi network tab, you can configure various EAP settings for the network, available under the EAP settings tab.

The following settings are immediately available on the EAP settings tab:

Setting	Description
Accepted EAP types	Specify the EAP type(s) that are used to authenticate secured wireless connections. It is possible to use multiple EAP types simultaneously.
Trusted certificate	Define a trusted root certificate for the connection. This field is mandatory for all EAP types. The drop-down list shows the certificates added to LogMeIn Resolve MDM (Management > Files and certificates > Certificates tab). Trusted certificates do not have a private key.
Trusted server certificate names	Define the accepted server certificate common names. In case the server presents a certificate that is not on the list, it will not be trusted. You can add multiple certificate names by entering a certificate name, selecting Add, then entering the next certificate name. Certificate names can be removed from the list by selecting the icon.

EAP type-dependent additional settings

Depending on the selected EAP type, additional settings become available for the following EAP types:

TLS
LEAP
TTLS
PEAP
EAP-FAST

Setting	Description	Applicable accepted EAP type
Identity certificate	Define the certificate for TLS. This setting must be configured for TLS connections. Additionally, when this setting is configured, it also allows two-factor authentication for TTLS, PEAP, and EAP-FAST.	TLS, TTLS, PEAP, EAP-FAST
Outer identity (externally visible identification)	Define the externally visible identity for EAP, TTLS, PEAP, and EAP-FAST connections. This setting allows the user to hide their identity, for example, when setting it to anonymous. The user's actual name appears only inside the encrypted tunnel.	TTLS, PEAP, EAP-FAST
TTLS inner authentication protocol	Define the inner authentication protocol for a TTLS connection.	TTLS
User name	Define the username for authentication when using LEAP, TTLS, PEAP, or EAP-FAST. If this field is left empty, the user is not prompted for authentication upon joining the network.	LEAP, TTLS, PEAP, EAP-FAST
Password	Define the password for authentication when using LEAP, TTLS, PEAP, or EAP-FAST. If this field is left empty, the user is not prompted for authentication upon joining the network.	LEAP, TTLS, PEAP, EAP-FAST
Minimum TLS version	Define the minimum version of TLS to be used with the EAP authentication. This setting is available for TLS, TTLS, PEAP, and EAP-FAST connections and is available in iOS 11.0 and later.	TLS, TTLS, PEAP, EAP-FAST
Maximum TLS version	Define the maximum version of TLS to be used with the EAP authentication. This setting is available for TLS, TTLS, PEAP, and EAP-FAST connections and is available in iOS 11.0 and later.	TLS, TTLS, PEAP, EAP-FAST
Use PAC (Proxy auto-config)	Define whether the device will use an existing PAC when using EAP-FAST. Otherwise, the server must present its identity using a certificate.	EAP-FAST

Required certificates do not need to be deployed separately to the devices, because the configuration profile deployment also installs related certificates.

Monitoring

You can monitor the progress of the configuration profile deployment either on the Management > Action log page or on the individual devices' Device page available under Management > Devices.

Article last updated: 26 March, 2025

Were you able to complete your task?

GoTo Connect

GoTo Meeting

GoTo Webinar

GoTo Room

GoTo Training

OpenVoice

Grasshopper

join.me

LogMeIn Resolve

LogMeIn Resolve MDM

LogMeIn Pro

LogMeIn Central

LogMeIn Rescue

GoToMyPC

GoToAssist

Hamachi

RemotelyAnywhere