You can use policy to configure Wi-Fi networks on a device. The Android Management API uses Open Network Configuration, a standard JSON-based format which was originally developed as part of the Chromium project. Refer to the specification for full details on Open Network Configuration.
To include an Open Network Configuration in a policy, set the
openNetworkConfiguration field on a
Policy
resource.
For fully managed devices, you can optionally prevent a user from manually
configuring Wi-Fi settings on their device by setting wifiConfigDisabled to
true in the
Policy
resource.
Supported features
The Android Management API only supports a subset of the Open Network Configuration specification.
- Top-level object:
Typemust be omitted or set toUnencryptedConfiguration. There is no need to encrypt the network configuration within a policy because the entire policy is encrypted within the Android Management API service. Additionally, there is a second layer of encryption for sensitive information such as passphrases and private keys.
NetworkConfigurationobjects:GUID,Name,Type, andWiFiare the only supported fields, and are all required.Typemust be set toWiFi. Other types of networks are not supported.
WiFiobjects:AllowGatewayARPPollingis not supported.SignalStrengthis not supported.- For
WEP-PSKpassphrases, only 40-bit (10-digit) or 104-bit (26-digit) passphrases are supported. - The specification states that
WEP-PSKpassphrases must start with the prefix0x. However, for consistency with the Android Framework, this prefix is not required.
EAPobjects:ClientCertPatternis not supported.SaveCredentialsis not supported.UseSystemCAsis not supported.ClientCertTypesupports only theRefvalue- The following values are supported for
Inner:MSCHAPv2,PAP - The following values are supported for
Outer:EAP-AKA,EAP-TLS,EAP-TTLS,EAP-SIM,PEAP
Certificateobjects:Removeis not supported. Omit the certificate in the configuration instead.TrustBitsis not supported.
Examples
Multiple WiFi networks
This example policy fragment shows three Wi-Fi networks configured with
different security schemes. The Open Network Configuration JSON is nested within
the openNetworkConfiguration field of the
Policy
JSON.
"openNetworkConfiguration": {
"NetworkConfigurations": [{
"GUID": "a",
"Name": "Example A",
"Type": "WiFi",
"WiFi": {
"SSID": "Example A",
"Security": "None",
"AutoConnect": true
}
}, {
"GUID": "b",
"Name": "Example B",
"Type": "WiFi",
"WiFi": {
"SSID": "Example B",
"Security": "WEP-PSK",
"Passphrase": "1234567890"
}
}, {
"GUID": "c",
"Name": "Example C",
"Type": "WiFi",
"WiFi": {
"SSID": "Example C",
"Security": "WPA-PSK",
"Passphrase": "baseball"
}
}]
}
EAP authentication
This example policy fragment shows a WiFi network configured with EAP-TLS
authentication. In addition to the NetworkConfigurations object, the example
includes two Certificates objects for the client and server certificates.
"openNetworkConfiguration": {
"Type": "UnencryptedConfiguration",
"NetworkConfigurations": [{
"GUID": "a",
"Name": "Example A",
"Type": "WiFi",
"WiFi": {
"SSID":"Example A",
"EAP": {
"Outer": "EAP-TLS",
"Identity": "example",
"ServerCARef": "abc123",
"ClientCertType": "Ref",
"ClientCertRef": "xyz456"
},
"Security":"WPA-EAP"
}
}
],
"Certificates": [{
"GUID": "abc123",
"Type": "Server",
"X509": "TWFuIGlzIGRpc3Rpbmd1a" //Base-64 encoded X.509 certificate
},
{
"GUID": "xyz456",
"Type": "Client",
"PKCS12": "6PQIEQYJKoZbdDu8gwggRlqCCAPEbAAcGClgvcNAQc" //Base-64 encoded PKCS#12 file
}
]
}