Is it possible to deploy an iOS Wifi profile that includes some or all of a user’s credentials?
We use WPA2 Enterprise with an EAP authentication scheme for wireless devices. If I try and deploy an iOS Wifi profile that omits the authentication username, the deployment fails - as far as I can tell, this is because the iOS device doesn’t accept the profile, possibly due to not being complete.
In order to get it to deploy, I need to at least supply a username in the profile for the fixlet to be applied successfully. For an organisation with large number of mobile devices, pre-configuring a profile of any sort with static credentials is undesirable.
As these devices are already authenticated, can we use some of this information to deploy a pseudo-dynamic profile - at least with a relevant username? I suppose the same would go for proxy authentication settings as well.
After some tinkering, I found that you can manually edit the fixlet to modify the generated iOS XML and ‘nullify’ the username field so that users don’t get confused when they see someone else’ name.
Now, to work out if I can use variables in the BigFix Action Script to populate the value with data from the device’s properties…
Thanks for your suggestions - this is exactly what I was looking for.
For the time being, I’ve manually modified the action script to include the relevance for the UserName key: {(name of current user as lowercase) | “username”} (We use CN as the ldap login value instead of email).
Dawson, I tried to include the relevance in the UI, but on clicking Finish, a JavaScript error popped up, preventing the fixlet from being updates. I’ve attached a screen shot indicating the error. Obviously, including the values in the UI means that if and when the profile is modified, manual edits don’t need to be re-added (and the operator, whoever it may be, doesn’t need to be aware of this).
I was able to reproduce it when editing profile from the UI, but not when creating new ones). We will fix this in the next release.
As a workaround, you can probably create a new profile with the intended relevance expression, although it could be challenging to get everything right in one shot…
Query solved by including relevance strings in iOS profile fields.
It’s noted that with IEM 9.0.586.0, an error is thrown when editing an existing profile with new or existing relevance strings and modifications can’t be committed.