Setup LDAP Profile on Client Devices

By following these steps, you can configure the LDAP profile on client devices to ensure proper authentication with the Entra ID (Azure AD) LDAP Server.

To allow client devices to authenticate with the Entra ID (Azure AD) LDAP Server, some devices, such as Android phones, require the installation of the Client’s Authentication (CA) Certificate (ca.pem). This certificate is needed for secure communication between the Access Point and client devices and can be exported via the EnGenius Cloud GUI.

To get started:

  1. Client devices scan for the EnGenius WiFi SSID and connect to it.

  2. The 802.1X page pops up and requests the Username and Password. (e.g., account@example.edu).

  3. If the Certificate page pops up, click Trust.

  4. For Android phones, it is required to specify the EAP method and Phase 2 authentication. Please refer to the following settings:

    • EAP method: Select EAP-TTLS.

    • Phase 2 authentication: Select PAP.

      • (Note: If PAP is not supported on client devices, GTC is an alternative option but may have compatibility issues on specific devices, e.g., Chromebook.)

    • Domain (Optional): Enter the corresponding domain shown on Cloud GUI, e.g., engenius.ai (by default)

    • Online Certificate Status: Choose Do not validate.

      • (Note: For Google Nexus devices, this option is not available. The certificate (ca.pem) must be installed.)

PreviousConfigure Microsoft Entra ID Authentication for SSIDNextAppendix

Last updated