Apple iOS Configuration

From Opendium Documentation

One-to-one devices

This section covers devices which are always used by the same user, such as devices deployed in a one-to-one arrangement or bring your own device. Scroll down for information regarding shared devices.

  • If possible, configure your wireless network to use 802.1x (WPA-Enterprise) authentication and to send RADIUS accounting data to the Opendium system. Set the User Identification mode to RADIUS. If 802.1x authentication cannot be used, set the User Identification mode to Single User Devices.
  • If you are using 802.1x and RADIUS accounting, log the device onto the network with the user's credentials.
  • If you are not using 802.1x and RADIUS accounting, the user must use the captive portal to authenticate. iOS devices can automatically log in to the captive portal using the WISPr protocol whenever the device reconnects to the network.

If the network's HTTPS Decryption mode is set to Active, you must install your unique Opendium inspection certificate, either through an MDM or:

  • Launch Safari and browse to https://<your Opendium host name>/opendium.crt or scan the QR code that is displayed on the Web tab.
  • A message pops up asking whether you want to allow the profile. Click Allow.
  • A second message says that you will need to install this profile through Settings.
  • Navigate to Settings, where there should be a Profile Downloaded section, and click it. This section disappears after 8 minutes and the profile is deleted if it has not been used. Only 1 profile can be accessed in this way at a time (it will always be the most recent profile downloaded).
  • Click the Install option in the top right corner of the profile and follow the install wizard for the profile.
  • On iOS 10.3 and above, go to Settings > General > About > Certificate Trust Settings and enable full trust for the Opendium certificate. This step is not required for earlier versions of iOS.

Shared Devices

This section covers devices which are shared between multiple users (one user logged in at a time), such as devices that are free for any student to use.

  • Configure your wireless network to use 802.1x (WPA-Enterprise) authentication and to send RADIUS accounting data to the Opendium system.
  • Set the User Identification mode to RADIUS.
  • Log the device onto the network with a user name that starts with "op-shared-". For example, "op-shared-tablet". This user must exist on the Opendium system.
  • The user must use the captive portal to authenticate.
  • When the user has finished with the device, they must disconnect from the Wi-Fi (i.e. turn Wi-Fi off on the device, shut down the device, or place the device in a shielded box/cupboard).

If the network's HTTPS Decryption mode is set to Active, you must install your unique Opendium inspection certificate. This is usually done through your MDM system.
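Both sections above mention installing the inspection certificate through an MDM. One way to package opendium.crt for that is as a configuration profile carrying a root-certificate payload; the script below is an added example, not part of the Opendium documentation or tooling. The identifier org.example.school, the display name and the sample bytes are assumptions for illustration.

```python
import base64
import hashlib
import plistlib
import uuid

PEM_HEAD = b"-----BEGIN CERTIFICATE-----"
PEM_TAIL = b"-----END CERTIFICATE-----"

def to_der(cert_bytes: bytes) -> bytes:
    """Accept a PEM or DER certificate file and return DER bytes."""
    text = cert_bytes.strip()
    if text.startswith(PEM_HEAD):
        der = base64.b64decode(text[len(PEM_HEAD):text.index(PEM_TAIL)])
    else:
        der = cert_bytes
    # A certificate is an ASN.1 SEQUENCE (tag 0x30); this rejects e.g. an
    # HTML error page that was saved under the name opendium.crt.
    if der[:1] != b"\x30":
        raise ValueError("input is not a PEM or DER certificate")
    return der

def build_ca_profile(cert_bytes: bytes, org_id: str, name: str):
    """Return (mobileconfig_bytes, sha256_hex) for a root-certificate profile."""
    der = to_der(cert_bytes)
    fingerprint = hashlib.sha256(der).hexdigest()

    # UUIDs are derived from the identifier and certificate, so the same
    # inputs always produce a byte-identical profile.
    def stable_uuid(label: str) -> str:
        seed = f"{label}.{org_id}.{fingerprint}"
        return str(uuid.uuid5(uuid.NAMESPACE_DNS, seed)).upper()

    def header(ptype: str, ident: str, label: str) -> dict:
        return {"PayloadType": ptype, "PayloadVersion": 1,
                "PayloadIdentifier": ident, "PayloadUUID": stable_uuid(label),
                "PayloadDisplayName": name}

    cert = header("com.apple.security.root", f"{org_id}.inspection-ca.cert", "cert")
    cert.update({"PayloadCertificateFileName": "opendium.crt",
                 "PayloadContent": der})  # bytes are written as <data>
    profile = header("Configuration", f"{org_id}.inspection-ca", "profile")
    profile["PayloadContent"] = [cert]
    return plistlib.dumps(profile), fingerprint

# Constructed placeholder input (not a real certificate); use your own opendium.crt.
SAMPLE_DER = b"\x30\x0b" + b"placeholder"
SAMPLE_PEM = PEM_HEAD + b"\n" + base64.encodebytes(SAMPLE_DER) + PEM_TAIL + b"\n"

if __name__ == "__main__":
    data, fp = build_ca_profile(SAMPLE_PEM, "org.example.school", "Opendium inspection CA")
    print("SHA-256:", fp)
    print(data.decode())
```

Keep the printed SHA-256 fingerprint with the profile so you can later confirm which certificate a given profile carries.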

Shared devices cannot be supported on networks which do not support 802.1x and RADIUS accounting. If your network cannot support 802.1x, the only option is to disable User Identification.