Hi all!
We run Jamf Trust with enforced Secure DNS (DoH, ProhibitDisablement = true). The activation profile includes an OnDemandRules-SSIDMatch list with Action = Disconnect for typical captive portal networks (airlines, hotels), so that the DNS connection disconnects there and the login page loads.
Problem: A colleague can’t access the captive portal on the Eurowings onboard Wi-Fi (SSID “Wings Connect”), neither on an iPhone nor on a Mac. The SSID is simply missing from the list. The same issue occurs with Lufthansa (“Telekom_FlyNet”), even though “FlyNet” and “Telekom_FlyNet” are included in the list; I suspect the actual SSID being broadcast differs (e.g., with “®”).
My questions for you:
1. Is this captive portal SSID list editable within the Jamf Security Cloud console itself? In our setup, under Settings > Service Controls, I only see “Privacy”—no “Dynamic Routing” or “SSID Bypass.” Am I missing something, or is this managed on the tenant side by Jamf and can only be changed through support?
2. If it’s editable: where exactly do you click to access it?
3. Do you have any idea how to accurately determine the exact SSID broadcast by Lufthansa/Eurowings without actually being on the plane?
Alternatively, I’m considering patching the SSID directly into the Jamf Pro profile payload (extending SSIDMatch), but that will probably be overwritten by the Security Cloud during the next sync, right? How do you usually handle something like this?
Thx
Paul