Skip to main content
Cisco Meraki Documentation

Configuring Devices for 802.1X Google Authentication (EAP-TTLS + PAP)

This document outlines how to configure an iOS, Android or Mac OS X device to authenticate to a Meraki wireless network configured to use WPA2-Enterprise 802.1X with Google Auth by using EAP-TTLS + PAP Authentication:

Download the Mobile Configuration Profile from Dashboard

  1. In Dashboard, navigate to the Wireless > Configure > Access control page.
  2. Under the radio button for WPA2-Enterprise (where you enable Google authentication), click to download the provided mobile configuration profile (mobileconfig profile) specific to your network:
  3. Distribute this mobileconfig profile to your WiFi users. Client devices with this profile will use the correct authentication method when connecting to your SSID.

Changing the name of your SSID will require you to distribute a new mobileconfig profile.

Installing the Mobile Configuration Profile on macOS

  1. Double-click the mobileconfig profile to open it with the System Preferences Profile tool:
    You can click Show Profile to verify that it’s signed by Meraki:
  2. Click Continue. You will be asked to provide your Google Apps username and “Application Specific Password.” Every time you associate with this SSID, this set of credentials will be used to authenticate against the Google server for your Google Apps domain:

Installing the Mobile Configuration Profile on iOS

  1. Email the mobileconfig profile to your users.
  2. Your users should open the mobileconfig file from their email app to begin installation.
  3. Verify the the profile is signed by Meraki. Check the details of the profile, which indicate the SSID name, encryption type, and EAP authentication protocol. Select Install.
  4. The user may be prompted to enter their device password. They will then be prompted to enter their Google Apps username and Application Specific Password.