Lightspeed Automatic Authentication on iOS

New Contributor

Ok, so what I'm trying to do is set a configuration profile so that when I am on network, my iPad will automatically connect to the wifi that is in range(already configured) and once it is connected it will take a particular set of LDAP credentials that has been specified through a configuration profile and automatically authenticate through Lightspeed Filter and begin filtering using the rulesets that are defined within Lightspeed for that particular user/user group. This will prevent me from having to login through the web filter, but still be getting filtered with the appropriate ruleset. Has anyone had any experience or success with this and if so PLEASE help me out. This may not be something that is possible but it feels too easy to not be available.


Valued Contributor III

So I'm going to speak "Lightspeed" and not "JSS" to you as I have to do that with our Lightspeed guy. We got profile based user auth going, but it's not as perfect as you think.

You have to have BOTH the Lightspeed mobile filter app and a properly authored profile on the device for it to even function for starters.

2nd and this is the most important...this DOES NOT try to replicate the Lightspeed user agent. With lightspeed on Windows or Mac, you have both the lightspeed user agent and the lightspeed mobile filter working in tandem...user agent for on campus, mobile filter for off network. An iPad with the app+profile, you are only emulating the mobile filter part, not the user agent part.

In short for us, that means authenticated filtering only works off campus...on campus, devices still get default policy!

This sounds almost useless but it at least gives the students proper filtering at home.

I have asked lightspeed about that...apparently if we were to re-architect our rocket infrastructure to allow mobile filter to work on campus, we could achieve what you are wanting. Our network guys said no.

We do have it working though... unfortunately only off-campus at the moment but I can answer questions about our profile and how I keep kids from removing the app.

New Contributor

Thanks for the response, I had already achieved the off campus filtering with the Mobile App and a "content filter" configuration. As you said it worked flawlessly at home, without the user having to type in authentication credentials. I was hoping that I could get the same behavior at the school without having to manually enter Lightspeed user information manually. From the information you've given it doesn't seem like it's something that's going to work unless we reconfigure for the Mobile app to used on and off campus, which is a no-go because it doesn't record in lightspeed as it would with a global proxy set up. I noticed in the Wi-Fi configuration profile payload that you can do a proxy setup and enter credentials for this to authenticate. I did try this and the weird thing about it is that when i first pushed the payload to my test device, which hadn't been logged into lightspeed at all that day, and went to location, it automatically authenticated me to the username that I had set it to. It was blocking me appropriately and allowing me to search what is available. It even went as far as to tell me when I tried to access youtube that I was logged in as "username" and could not access it. I was ecstatic, I thought I had figured it out, but when I went back to location this morning to double check and make sure that everything was still working properly, it asked me to manually authenticate.

New Contributor II

I think there is a time limit in lightspeed for how long it will stay logged in when you authenticate, and the max may be 1 day. At least, that's my experience with manual authentication.