Add SSID without adding it to keychain?

robby_barnes
New Contributor III

Does anyone know if it is possible to add an SSID through jamf (profiles preferably, but even if it's a shell script, that would be fine) without them being added to the keychain? I want to have a secure network for all of our managed devices but not have our employees have the ability to go in to keychain and see what the credentials are.

For reasons that I won't get in to, most of our employees have to have admin accounts unfortunately.

3 REPLIES 3

bentoms
Release Candidate Programs Tester

@robby.barnes In short, No.

If they are admins then they can export/view items in the system keychain.

The only way might be to move to some 802.1x authentication, maybe using certs. As there is no password to connect, instead a cert is used. That cert is often issued via another profile.

davidacland
Honored Contributor II
Honored Contributor II

I can't think of any way to do it that an admin user wouldn't be able to get access to. I was thinking along the lines of a separate keychain to store the credentials but the password used to unlock it would need to live somewhere.

802.1X is probably your best bet.

robby_barnes
New Contributor III

Alright, that's what I was thinking. Thanks guys