The “Use only saved access points” toggle allows you to create a list of trusted Wi-Fi access points for your devices. Whenever end users set up Wi-Fi through Esper Settings, they’ll only see the pre-approved list of Wi-Fi access points. That means you can control the Wi-Fi access points your devices connect to, making connections more secure.
In this article:
- Using the Wi-Fi Allow List
- Creating a Wi-Fi Allow List in Blueprints
- Creating a Template to Use Only Wi-Fi Access Points
- Utilizing the Wi-Fi Allow List
- Applying the Wi-Fi Allow List Post-Provisioning
- Turning on Wi-Fi Allow List
- Pushing New Access Points
Using the Wi-Fi Allow List
The Wi-Fi Allow List setting restricts Wi-Fi access points on a device. This is helpful when a location has too many access points and users are connecting to unapproved access points. Restricting the Wi-Fi networks users can access further protects users from bad actors.
Once enabled, device users won’t be able to edit, remove, or add access points from the Esper Settings app while in User Mode.
If device users need to update Wi-Fi access points, they can enter Admin Mode in Esper Settings to edit, remove, and add access points. Admin Mode in Esper Settings is protected by a password, which can be set in the blueprint or template under Esper Settings.
Creating a Wi-Fi Allow List in Blueprints
To create a Wi-Fi allow list in Blueprints, navigate to the Blueprints Manager and create or edit a Blueprint.
In the Connectivity section, enable Use Only Saved Wi-Fi Access Points.
In this example, devices with this Blueprint will only be able to connect to Andi’s Wi-Fi and Andi’s Backup Wi-Fi.
Then edit any other settings in the blueprint, save, publish, and converge the changes.
Creating a Template to Use Only Wi-Fi Access Points
Before provisioning, you can create a template to restrict access to Wi-Fi access points.
In the Settings section, enable Use only saved access points.
Then, enter your Wi-Fi credentials and press Save.
Note: The password may not be visible after saving.
Then, provision your device with the Template. Learn more about provisioning devices with Templates.
Utilizing the Wi-Fi Allow List
The Wi-Fi Allow List works best when the Android Settings app and notification bar are hidden. If the Esper Settings app is available, the device user will need to enter a password to access Admin Settings to change the Wi-Fi access points.
In a Template
In this Template, the Android Settings app is disabled. The Esper Settings App is accessible only through a hidden dock.
In Esper Settings, Wi-Fi is only accessible in Admin mode. So, even if a device user manages to open the hidden dock, they’ll still need to enter the Admin password to access Wi-Fi settings. Consider creating a strong password to prevent unintended access.
Applying the Wi-Fi Allow List Post-Provisioning
After provisioning a device, you can make updates to its access points in Devices & Groups. Locate the device and go to Settings > Wi-Fi.
Enable Use Only Saved Access Points.
To apply the Wi-Fi Allow List for already provisioned devices, you can also use the API. See how to get started with our API.
Send the following command to a Group or Device. This command will restrict devices from connecting to access points outside of those added in the device’s Template or Blueprint.
Tip: You won’t need to add the access points or passwords through this API. The device will pull the Wi-Fi access points from the Template or Blueprint.
Turning on Wi-Fi Allow List
API
POST https://{tenant-name}-api.esper.cloud/api/v0/enterprise/{Enterprise-ID}/command/
Body
{
  "command_type": "DEVICE",
  "command": "USE_ONLY_SAVED_WIFI_AP",
  "command_args": {
    "use_only_saved_ap": true
  },
  "devices": [
    "device_id"
  ],
  "groups": [
    "group_id"
  ],
  "device_type": "all"
}
Admins can continue to add new access points via the API, a blueprint, or from Device or Group Settings in the Console. It’s also possible for Admins to add a new access point from Esper Admin Settings, or when they connect devices to Wi-Fi for the first time during provisioning.
Pushing New Access Points
You can also push new Wi-Fi access points. These access points will be available to device users even if they are not present in the Template or Blueprint.
API
POST https://{tenant-name}-api.esper.cloud/api/v0/enterprise/{Enterprise-ID}/command/
Body
{
  "command_type": "DEVICE",
  "command": "ADD_WIFI_AP",
  "command_args": {
    "wifi_access_points": [
      {
        "wifi_ssid": "access_point_name",
        "wifi_password": "access_point_password",
        "wifi_security_type": "access_point_security_type",
        "wifi_phase2_auth": "access_point_auth_or_NONE",
        "hidden": false
      }
    ]
  },
  "devices": [
    "device_id"
  ],
  "groups": [
    "group_id"
  ],
  "device_type": "all"
}
The hidden field takes a boolean value: true or false.
Esper accepts the following security types:
- None
- WEP
- WPA/WPA2
- EAP
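The following is an added example, not Esper's own code: a pre-flight check that validates each access point entry and builds (without sending) the ADD_WIFI_AP request described above. Assumptions: the security-type strings are the labels listed on this page, the Bearer token header is how the request is authenticated, and rejecting None and WEP networks is this example's own policy.

```python
import json
import urllib.request

# Security types as listed on this page; the exact API strings are an assumption.
ACCEPTED_TYPES = {"None", "WEP", "WPA/WPA2", "EAP"}
WEAK_TYPES = {"None", "WEP"}  # this example's policy, not an Esper rule
# Constructed sample entries (not real networks or credentials).
SAMPLE_OK = {"wifi_ssid": "Warehouse-Staff", "wifi_password": "example-passphrase",
             "wifi_security_type": "WPA/WPA2", "wifi_phase2_auth": "NONE", "hidden": False}
SAMPLE_BAD = {"wifi_ssid": "Guest", "wifi_security_type": "WEP", "hidden": "false"}

def check_access_point(ap):
    """Return a list of problems found in one wifi_access_points entry."""
    problems = []
    if not isinstance(ap.get("wifi_ssid"), str) or not ap["wifi_ssid"]:
        problems.append("wifi_ssid must be a non-empty string")
    sec = ap.get("wifi_security_type")
    if sec not in ACCEPTED_TYPES:
        problems.append(f"unsupported wifi_security_type: {sec!r}")
    elif sec in WEAK_TYPES:
        problems.append(f"{sec} is too weak for an allow list")
    elif sec == "WPA/WPA2" and not ap.get("wifi_password"):
        problems.append("wifi_password is required for WPA/WPA2")
    if not isinstance(ap.get("hidden"), bool):
        problems.append("hidden must be a JSON boolean, not a string")
    return problems

def build_add_wifi_ap(tenant, enterprise_id, token, access_points, devices=(), groups=()):
    """Build, but do not send, the ADD_WIFI_AP command request."""
    problems = [f"{ap.get('wifi_ssid')!r}: {p}"
                for ap in access_points for p in check_access_point(ap)]
    if problems:
        raise ValueError("; ".join(problems))
    if not devices and not groups:
        raise ValueError("target at least one device or group")
    body = {
        "command_type": "DEVICE",
        "command": "ADD_WIFI_AP",
        "command_args": {"wifi_access_points": list(access_points)},
        "devices": list(devices),
        "groups": list(groups),
        "device_type": "all",
    }
    url = f"https://{tenant}-api.esper.cloud/api/v0/enterprise/{enterprise_id}/command/"
    return urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json", "Authorization": f"Bearer {token}"},
    )
```

Pass the returned request to urllib.request.urlopen once the entries validate; keep the token and Wi-Fi passwords out of source control.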
Add a Wi-Fi allow list to your fleet so that your devices connect to a secure network every time.