Onboard an iPhone to a Wi-Fi network with certificates

In this topic, you will learn how to onboard using certificates, the self-onboarding portal, an iPhone with iOS, and a Wi-Fi network managed by Portnox™ Cloud.

To onboard to a network using a certificate, you need to generate, download, and install the user/device certificate, and then configure your operating system to connect to the network using this certificate. You can configure your operating system semi-automatically using provisioning or manually.

If you already downloaded and installed the certificate for the same device, for example, to authenticate with another type of network, you don’t need to install the certificate again and you should skip the relevant steps.

Download and install the certificate

In this section, you will generate, download, and install the user certificate on your device.

Note: We recommend that you use the Safari browser in the following steps. Other browsers may cause issues with downloading profiles to your iOS device.
  1. Enter the URL of the self-onboarding portal in your browser.

    To learn how to set up the self-onboarding portal and obtain the URL, see the following topic: Set up the self-onboarding portal.

  2. In Step 1, select the third option: CLEAR account certificate management and press the Next button.

  3. In Step 2, you can select the Corporate email address option or the Corporate username and password option. Select the Corporate email address option if Portnox Cloud manages your user repository. Select the Corporate username and password option if you have integrated Cloud with an external repository. Proceed with the following steps depending on your choice.
  4. If you have chosen Corporate email address:
    Important: Only choose the Corporate email address option if Portnox Cloud manages your user repository. Cloud manages the user repository if it’s not integrated with any external repositories such as Microsoft Azure (Entra ID), Google Workspace, or Okta Workforce Identity.
    1. In the Email field, enter your corporate email address and press the SIGN IN button.

      If you activate the Automatically generate secure password and send me by email checkbox, you will receive a separate email with a Portnox Cloud password. If so, you should use this password in the next steps.

    2. Open your email client and find the email received from Portnox Cloud containing a one-time activation code. Copy this code to the clipboard.

      If you activated the Automatically generate secure password and send me by email checkbox in the previous step, do not confuse the password email with the code email. They are two separate emails.

    3. In the self-onboarding portal, paste the code in the Activation code field and press the CONFIRM button.

  5. If you have chosen Corporate username and password:
    1. Press the tile that represents the authentication repository you want to use to sign in. If you want to use Okta Workforce Identity, enter your Okta login and password and press the SIGN IN button.

      Note: Options depend on the repositories integrated with Portnox Cloud: Microsoft Azure (Entra ID), Google Workspace, and/or Okta Workforce Identity.
    2. Complete the sign in steps depending on the chosen authentication repository.
  6. Press the OBTAIN CERTIFICATE button to download the user certificate generated for your device.

    Note: If you want to replace a certificate you created earlier, for example, because the old one expires soon, press the REISSUE CERTIFICATE button instead.
  7. In the pop-up that says The website is trying to download a configuration profile, press Allow.

  8. In the Profile Downloaded pop-up, press Close.

  9. Press the Home button and press the icon of the Settings app.

  10. In the Settings app, press the Profile Downloaded row.

  11. In the Install Profile pane, press Install.

  12. Enter your passcode.

  13. Press Install.

Result: You downloaded and installed the certificate.

Configure the connection with provisioning

In this section, you will use the self-onboarding portal to generate a provisioning profile that configures your network for you.

You only need to configure your network once so if you do the steps in this section, you should skip the next section.

  1. Go back to Step 1 of the self-onboarding portal by clicking on the Back link.
  2. In Step 1, select the second option: CLEAR account activation and Device provisioning and press the Next button.

    Important: The Wi-Fi network in the group that the account belongs to must be configured for EAP-TLS authentication. For more information, see the following topic: Advanced network configuration.
  3. Follow the same steps as above to authenticate using your corporate email or corporate username and password.
  4. Press the tile in the Wireless Enrollment Profile section that represents the iOS operating system to download the provisioning profile.

  5. In the pop-up that says The website is trying to download a configuration profile, press Allow.

  6. In the Profile Downloaded pop-up, press Close.

  7. Press the Home button and press the icon of the Settings app.

  8. In the Settings app, press the Profile Downloaded row.

  9. In the Install Profile pane, press Install.

  10. Enter your passcode.

  11. Press Install.

  12. Go back to the Settings app and press the Wi-Fi row to change the Wi-Fi settings.

  13. Press the configured Wi-Fi network in the MY NETWORKS section to connect.

Result: Your iPhone phone is connected to a Wi-Fi network managed by Portnox Cloud.

Troubleshooting information: See the following topic: How to troubleshoot typical device onboarding issues.

Configure the connection manually

In this section, you will manually configure your network to use the installed certificate.

You only need to configure your network once so if you did the steps in the previous section, you should skip this section.

Important: Manual configuration is not possible in the latest iOS versions because Apple has removed the option to select the connection mode. If no option to select a mode is available, use provisioning instead.
  1. Press the Home button and press the icon of the Settings app.

  2. In the settings app, press the Wi-Fi row to change the Wi-Fi settings.

  3. In the NETWORKS section, press the name of the network to configure.

  4. In the Enter Password pane, press the Mode row to change the connection mode.

  5. In the Security pane, press EAP-TLS to select it and then press Enter Password to go back to the previous pane.

  6. In the Enter Password pane, enter your corporate email address as Username and press the Identity row to select the identity.

  7. In the Identity pane, press your Portnox identity imported with the certificate to select it and then press Enter Password to go back to the previous pane.

  8. Press Join to connect to the network.

Result: Your iPhone phone is connected to a Wi-Fi network managed by Portnox Cloud.

Troubleshooting information: See the following topic: How to troubleshoot typical device onboarding issues.