Subscribe to Help Center RSS FeedEAP-TTLS/PAP is a widely deployed authentication protocol that provides enhanced network security through digital authentication, ensuring that the appropriate users and devices have access to JumpCloud RADIUS. Learn to configure EAP-TTLS/PAP for your JumpCloud RADIUS clients that run Android.
Important:
- The two use cases that require EAP-TTLS/PAP in JumpCloud are:
- Delegated Auth with Entra ID. See Authenticate to RADIUS with Entra ID.
- 6-digit time-based one-time password (TOTP) multi-factor authentication (MFA) for RADIUS-based VPN authentication.
- We do not recommend using PAP without EAP-TTLS or your configuration will be insecure.
- If you are not using one of these two use cases then JumpCloud recommends using PEAPv0 (also referred to as EAP-PEAP or PEAP-MSCHAPv2) for authentication because it requires no additional configuration as this is the default used by all Operating Systems.
- For more information, see Configure Your WiFi Clients to Use RADIUS.
Prerequisites:
- JumpCloud RADIUS configuration. For more information, see Get Started: RADIUS.
Configuring a WiFi Profile on Android Devices
Note:
These steps may vary slightly depending on the make and model of your Android device.
To configure a WiFi profile with EAP-TTLS/PAP on Android devices:
- On an Android device, go to Settings > Network & internet and tap on Internet.
- Either select the WiFi SSID from the list, or select + Add network and create a new wireless profile.
- (Optional) Enter the Network SSID.
- Configure the following settings:
- EAP method: TTLS.
- Phase 2 authentication: PAP.
- CA certificate: Trust on First Use.
- Identity: Enter the user’s JumpCloud email address (or Entra ID username if using delegated authentication).
- Password: Enter the user’s JumpCloud password (or Entra ID password if using delegated authentication).
- Tap Save.
- Tap Connect.
- When prompted for Is this network trusted? Tap Yes, connect.
Back to Top
In this Article
Learn More