Apple iOS - EAP-PEAP Configuration

Configure iPhone, iPad, and Mac devices to connect securely to IronWiFi WPA-Enterprise wireless networks using EAP-PEAP authentication. This guide covers manual configuration, configuration profiles, and MDM deployment for enterprise environments.

Overview

EAP-PEAP provides secure wireless authentication using a username and password. iOS devices fully support EAP-PEAP and can be configured manually or via MDM profiles.

Prerequisites

• iOS 15 or later
• Valid IronWiFi user credentials
• Wireless network configured with WPA2-Enterprise

Manual Configuration

iPhone / iPad

1. Open Settings and tap the WiFi option

2. Tap your enterprise network name from the list of available networks

3. A dialog appears asking for credentials. Enter your Username and Password, then tap Join

First-Time Connection

On first connection, iOS will display a certificate trust dialog:

1. Review the certificate details
2. Verify the server name matches your expected RADIUS server

3. Tap Trust to accept the certificate (you can skip this page by downloading and installing the certificate to your user's devices manually)

4. If provided credentials are valid and the user is allowed to use the wireless network, the device should now be successfully connected

Configuration Profile (MDM)

For enterprise deployment, create a WiFi configuration profile:

Using Apple Configurator 2

1. Open Apple Configurator 2
2. File > New Profile
3. Add WiFi payload
4. Configure:
   • SSID: Your network name
   • Security Type: WPA2-Enterprise
   • Protocols: Select PEAP
   • Authentication: Username and password
   • Username: Leave blank for per-user entry or use variable
   • Password: Leave blank for per-user entry
5. Add Certificate payload for the CA certificate
6. Save and deploy the profile

Profile XML Example

Intune / Jamf Deployment

Microsoft Intune

1. Go to Devices > Configuration profiles
2. Create new profile for iOS/iPadOS
3. Select WiFi template
4. Configure:
   • WiFi type: Enterprise
   • EAP type: PEAP
   • Certificate server names: Your RADIUS hostname
   • Root certificate for server validation: Select deployed CA cert

Jamf Pro

1. Computers/Devices > Configuration Profiles
2. Add Network payload
3. Select:
   • Security Type: WPA2-Enterprise
   • Protocol: PEAP
   • Configure authentication settings

Troubleshooting

"Unable to Join Network"

1. Verify your credentials are correct
2. Check that the network is within range
3. Forget the network and try again:
   • Settings > WiFi > tap (i) > Forget This Network

Certificate Trust Issues

If iOS won't trust the certificate:

1. Check if the CA certificate needs to be installed
2. Go to Settings > General > About > Certificate Trust Settings
3. Enable trust for the certificate

Authentication Loops

If repeatedly prompted for credentials:

1. Ensure username format is correct (may need full email)
2. Check account isn't locked in IronWiFi console
3. Verify password hasn't expired

Profile Installation Fails

1. Check the profile isn't corrupted
2. Ensure device isn't managed by conflicting MDM
3. Review profile in Settings > General > VPN & Device Management

Mac OS Configuration

macOS 13 (Ventura) and Later

1. Click WiFi icon in menu bar
2. Select your enterprise network
3. Enter:
   • Username: Your username
   • Password: Your password
4. Click Join
5. Trust the certificate when prompted

802.1X Settings

For advanced configuration:

1. System Settings > Network (or WiFi)
2. Select your network and click Details
3. Configure 802.1X authentication settings
4. Set EAP-PEAP parameters

Related Topics

Same protocol on other devices

• Android — EAP-PEAP
• Chromebook — EAP-PEAP
• Linux — EAP-PEAP
• Windows — EAP-PEAP

Other protocols on macOS & iOS

• macOS & iOS — EAP-TLS — certificate-based auth
• macOS & iOS — TTLS + PAP — legacy RADIUS

Foundational reading

• WPA3-Enterprise overview
• Troubleshooting Guide