Apple iOS Configuration: Difference between revisions

From Opendium Documentation
(Created page with "== One-to-one devices == This section covers devices which are always used by the same user, such as devices deployed in a one-to-one arrangement or bring your own device. Scroll down for information regarding shared devices. * If possible, configure your wireless network to use 802.1x (WPA-Enterprise) authentication and to RADIUS#Linking%20a%20network%20access%20controller%20to%20the%20Opendium%20system|send RADIUS accounti...")
 
m (Removed "Ensure that a lock screen PIN is configured on the Android device" from Apple iOS Configuration page.)
Line 8: Line 8:
If the network's [[Web: Permissions & Limits#HTTPS%20decryption|HTTPS Decryption]] mode is set to ''Active'', you must install your unique Opendium inspection certificate, either through an MDM or:
If the network's [[Web: Permissions & Limits#HTTPS%20decryption|HTTPS Decryption]] mode is set to ''Active'', you must install your unique Opendium inspection certificate, either through an MDM or:


* Ensure that a lock screen PIN is configured on the Android device
* Launch Safari and browse to https://''<your Opendium host name>''/opendium.crt or scan the QR code that is displayed on the [[Web]] tab.
* Launch Safari and browse to https://''<your Opendium host name>''/opendium.crt or scan the QR code that is displayed on the [[Web]] tab.
* Tap ''Install'' and enter the device's passcode.
* Tap ''Install'' and enter the device's passcode.
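Review bot: with the lock screen PIN bullet removed, the step "Tap ''Install'' and enter the device's passcode" is now the only place this list mentions a passcode, and it reads as if one is always set. Consider rewording it to "enter the device's passcode if prompted", or stating the passcode prerequisite in iOS terms, so that dropping the Android wording does not leave the step unexplained.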

Revision as of 11:21, 26 February 2024

One-to-one devices

This section covers devices which are always used by the same user, such as devices deployed in a one-to-one arrangement or bring your own device. Scroll down for information regarding shared devices.

  • If possible, configure your wireless network to use 802.1x (WPA-Enterprise) authentication and to send RADIUS accounting data to the Opendium system. Set the User Identification mode to RADIUS. If 802.1x authentication cannot be used, set the User Identification mode to Single User Devices.
  • If you are using 802.1x and RADIUS accounting, log the device onto the network with the user's credentials.
  • If you are not using 802.1x and RADIUS accounting, the user must use the captive portal to authenticate. iOS devices can automatically log in to the captive portal using the WISPr protocol whenever the device reconnects to the network.

If the network's HTTPS Decryption mode is set to Active, you must install your unique Opendium inspection certificate, either through an MDM or:

  • Launch Safari and browse to https://<your Opendium host name>/opendium.crt or scan the QR code that is displayed on the Web tab.
  • Tap Install and enter the device's passcode.
  • A warning will be shown that the certificate will be added to the list of trusted certificates. Tap Install.
  • A confirmation will be shown indicating that the certificate was installed. Tap Done.
  • On iOS 10.3 and above, go to Settings > General > About > Certificate Trust Settings and enable full trust for the Opendium certificate. This step is not required for earlier versions of iOS.

Shared Devices

This section covers devices which are shared between multiple users (one user logged in at a time), such as devices that are free for any student to use.

  • Configure your wireless network to use 802.1x (WPA-Enterprise) authentication and to send RADIUS accounting data to the Opendium system.
  • Set the User Identification mode to RADIUS.
  • Log the device onto the network with a user name that starts with "op-shared-". For example, "op-shared-tablet". This user must exist on the Opendium system.
  • The user must use the captive portal to authenticate.
  • When the user has finished with the device, they must disconnect from the Wi-Fi (i.e. turn Wi-Fi off on the device, shut down the device, or place the device in a shielded box/cupboard).

If the network's HTTPS Decryption mode is set to Active, you must install your unique Opendium inspection certificate. This is usually done through your MDM system.
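For the MDM route mentioned in both sections, the following added example (not Opendium's own tooling) wraps a downloaded opendium.crt in an Apple configuration profile and reports its SHA-256 fingerprint for comparison against a value obtained out of band. It assumes the inspection certificate is a root CA delivered as PEM or DER; the identifier `com.example.opendium-inspection`, the display names and the sample bytes are placeholders.

```python
import base64
import hashlib
import plistlib
import re
import uuid

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
# Constructed placeholder (a tiny DER SEQUENCE), not a real certificate.
CONSTRUCTED_DER = b"\x30\x03\x02\x01\x01"


def to_der(cert_bytes):
    """Return DER bytes from PEM or DER input; reject anything else."""
    m = PEM_RE.search(cert_bytes)
    if m:
        return base64.b64decode(b"".join(m.group(1).split()), validate=True)
    if not cert_bytes.startswith(b"\x30"):  # DER certificates begin with a SEQUENCE tag
        raise ValueError("not a PEM or DER certificate (HTML error page?)")
    return cert_bytes


def fingerprint(der):
    """SHA-256 fingerprint of the DER encoding, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def build_profile(cert_bytes, identifier="com.example.opendium-inspection"):
    """Build a .mobileconfig (XML plist) carrying the certificate as a root CA payload."""
    der = to_der(cert_bytes)

    def stable_uuid(part):
        # Derived from identifier and fingerprint so the output is reproducible.
        return str(uuid.uuid5(uuid.NAMESPACE_DNS, f"{identifier}.{part}.{fingerprint(der)}")).upper()

    cert_payload = {
        "PayloadType": "com.apple.security.root",
        "PayloadVersion": 1,
        "PayloadIdentifier": identifier + ".cert",
        "PayloadUUID": stable_uuid("cert"),
        "PayloadDisplayName": "Inspection certificate (placeholder name)",
        "PayloadCertificateFileName": "opendium.crt",
        "PayloadContent": der,  # bytes are serialised as <data>
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": identifier,
        "PayloadUUID": stable_uuid("profile"),
        "PayloadDisplayName": "HTTPS inspection trust (placeholder name)",
        "PayloadContent": [cert_payload],
    }
    return plistlib.dumps(profile)
```

Passing the downloaded file's bytes to `build_profile` yields the profile to upload to the MDM; an HTML page saved in place of the certificate (for example from the captive portal) is rejected rather than packaged.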

Shared devices cannot be supported on networks which do not support 802.1x and RADIUS accounting. If your network cannot support 802.1x, the only option is to disable User Identification.