How to provide differenet configuration profile based on the device type during OnBoard


We might need to push different configuration profile for users based on the device type while OnBoarding

For example iOS devices need to have a Passcode Policy but not for MAC OS X.



We can achieve this by pushing different configuration profiles during Application Authorization request based on the Device-Name, we can send a ClearPass:Configuration-Profile-ID attribute in Enforcement Profile.


Configure a Passcode Policy under Onboard » Configuration » iOS Settings


Now we need to map the above configured iOS setting to the Configuration profile. Create a new Configuration profile for iOS devices and map the passcode policy as below


We will have the Default configuration profile that has only Networks and another Configuration profile and iOS configuration profile that has Networks and Passcode Policy.

We will have the Default configuration profile in the Provisioning settings as all devices except iOS devices will get that profile.

In Policy Manager we ned to create an Enforcement profile for iOS devices.


When we edit the configuration profile, it will show the id in the URL as below


The Enforcement policy conditions should be as below





The following iOS device gets a different Enforcement profile that satisfied the above Enforcement policy conditions

Version history
Revision #:
2 of 2
Last update:
‎03-17-2017 04:37 PM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: