To give your users access to the Meraki AP using OneLogin RADIUS, you can create a WiFi profile and install it on your users' devices. The method you use to create the WiFi profile, distribute it, and install it depends on your organization's preferred tools and procedures. This article describes how to:
- Create the WiFi profile for Mac OS X devices using Apple Configurator 2
- Install the WiFi profile on Mac OS X devices
You can use alternative applications (like Apple Profile Manager) to create and distribute the WiFi profile. No matter how you create the WiFi profile, it must include:
- The SSID of your Meraki AP
- The OneLogin RADIUS certificate and intermediate CA certificate (trusted in the profile):
Intermediate: RapidSSL SHA256 CA - G3 (
- A Security Type of WPA2-Enterprise
- An authentication scheme of EAP-TTLS/PAP
Creating your WiFi profile using Apple Configurator 2
Note. These instructions use Apple Configurator 2, which requires Mac OS X 10.11 (El Capitan) and above. You could also use Apple Profile Manager on Mac OS X Server 10.7 and above to create and push your WiFi profile. For more information, see your Apple Profile Manager documentation.
Download the OneLogin RADIUS certificate and intermediate CA certificate:
RapidSSL SHA256 CA - G3
In Apple Configurator 2, go to File > New Profile.
In the General section, set the Name and Identifier values.
Go to the Certificates section, and click Configure.
Select the OneLogin RADIUS certificate (
*.eu.onelogin.com.cer) that you downloaded in step 1.
Note. The file may display as
Confirm that the certificate was added.
Since you are installing the certificate for the first time, the page will display a warning that the certificate was signed by an unknown authority.
Click the Add button to select and add the intermediate CA certificate (
gv.crt) that you downloaded in step 1.
Confirm that both certificates were added.
Go to the Wi-Fi section, and configure the following fields:
- SSID: your desired SSID
- Security Type: WPA2 Enterprise (iOS 8 or later except Apple TV)
- Accepted EAP Types: TTLS
- Inner Authentication: PAP
Note that Enterprise Settings options do not appear until after you have selected the Security Type.
Under Enterprise Settings, select the Trust tab and select the checkbox for both *.us.onelogin.com (or *.eu.onelogin.com ) and RapidSSL SHA256 CA - G3.
Save your WiFi profile.
Go to File > Save. When the dialog appears, warning you that the profile requires user input when installed on a device, click Save Anyway.
Your WiFi profile configuration is done. Now you can transfer and install this profile on any Mac OS X machine that will need to connect to your WiFi network using OneLogin RADIUS server for authentication.
Installing the WiFi profile on client Mac OS X machines
Note. These instructions use Apple Configurator 2. If you use Apple Profile Manager on OS X Server, you can push the WiFi profile directly to Mac OS X client machines.
Transfer the WiFi profile file (
.mobileconfig) that you created above to the client machines that you want to enable to connect to your WiFi network.
On the client Mac OS X machine, open the WiFi profile file (
Click Continue on each dialog that appears.
On the Enterprise Network dialog, enter your OneLogin Username (email) and Password, and click Install.
When OS X asks for your local machine admin credentials, enter them and click OK.
The WiFi profile is now installed on the client machine.
You can now select the SSID from the list of available WiFi networks and connect.