Configure WiFi Profiles and Policies
Okta offers two different WiFi features, detailed below. You can implement only one of these features in an org. The WiFi Policies feature is Generally Available (GA) to most orgs, but it is not available if the WiFi Profiles Early Access (EA) feature is enabled for your org. The features are located in different areas of the Admin console. To determine which WiFi feature your org implements, mouse over this screenshot:
Note: The Devices menu is available to orgs that implement Okta Mobility Management (OMM).
This is an Early Access feature. To enable it, please contact Okta Support.
WiFi Profiles is Okta's latest WiFi feature. It allows you to create multiple WiFi profiles and assign them to OMM-enrolled mobile devices so that users are no longer limited to just one WiFi profile per device. It also supports the WPA/WPA2 Enterprise protocol to enable the following:
For important information about this feature, including limitations and workarounds, see Known Issues.
For details about the Generally Available WiFi Policies, see WiFi Policies.
Applicable to all network security types
Password prompts — When users sign in to Okta Mobile, we cache their password for 10 minutes. If you assign WiFi profile(s) to users before the cache expires, users are not prompted to enter their password to complete the profile assignment. If you assign a WiFi profile after the cache has expired, users are prompted to enter a password to complete the assignment. iOS and Android device users are prompted for passwords at different times:
Auto join — The auto join option is not supported on Android devices.
Applicable to WPA/WPA2 enterprise networks
Android passcode is required — Android devices must be configured with a passcode in order to be assigned a WiFi profile secured by a trusted server certificate. Otherwise, WiFi profile assignment will fail.
Always enter the correct password — End users should take special care to enter their password correctly during WiFi network authentication. Okta's WiFi profile authentication process does not detect incorrect passwords immediately, but connection to the WiFi network will fail at some point. iOS users who enter an incorrect password are prompted to re-enter it when their device attempts to connect to the network; Android users who enter an incorrect password are not re-prompted in this case and connection to the network simply fails.
Certificate prompts — If you specify one or more certificates for a WiFi network, users are prompted to install every certificate on Android and Samsung SAFE devices. If you assign users of these devices more than one WiFi profile secured by multiple certificates, additional install prompts are repeated for each WiFi network.
Deleting certificates from devices — In WiFi profiles configured with the security type WPA/WPA2 Enterprise, whether or not deleting a certificate in Okta also deletes the certificate from devices depends on the device type:
Do not add and delete certificates in the same editing session — If you add and delete certificates in a single editing session and/or in the wrong order, the deletion task will succeed but the add task will fail. In this state, your end users will lose their connection to the WiFi network. If you need to edit a WiFi profile to add one or more certificates and delete one or more certificates, treat adding and deleting as separate operations and edit the profile in the following order:
Okta WiFi Policies is Okta's initial WiFi feature. It allows you to configure one or more WiFi policies and push them automatically to end users enrolled in Okta Mobility Management (OMM). This allows end users to join an established WiFi network without having to enter any security information.
Before you begin
WiFi policies are similar to sign-on policies. You can add, delete, and edit WiFi policies and their associated rules.
Create a WiFi policy
For new policies
For all policies
Click Update or Create Policy.
Add a rule to a WiFi policy
WiFi rules determine whether users can access a WiFi connection. For orgs in which a Default Policy is present (legacy orgs), WiFi Access is set to Disabled. For new WiFi policies, you need to create at least one active rule where access is enabled. The Default Rule cannot be edited.