You can add Wi-Fi networks to Chrome OS devices at any time. We recommend using the Google Admin console to create Wi-Fi profiles and then apply them to devices during the enrollment process. Any updates you make later to the Wi-Fi profiles are automatically pushed to devices.
Add a Wi-Fi network
On a computer other than the Chrome OS device you're setting up:
From the Admin console Home page, go to Devices.
- Click Network Wi-Fi.
- (Optional) On the left, select the organizational unit where you want the Wi-Fi network to apply.
Note: By default, an organization inherits the settings of its parent in the organization tree. However, you can override the inherited setting by explicitly changing the setting for the child organization. The new setting applies to users in that organization, and any of its children.
- Click Add Wi-Fi.
- Enter the details for your organization’s Wi-Fi network and set it to Automatically connect.
- Under Apply network, select by device.
- Confirm that the Wi-Fi configuration options are correct and click Add.
Tip: In particular, pay attention to the SSID and passphrase, both are case-sensitive.
- Click Save.
For more information about adding a Wi-Fi network, see Add a Wi-Fi configuration.
- Connect to an open or unfiltered network temporarily while you set up your devices. You can remove this network from the list of preferred networks later by following the instructions to forget a network at Manage Wi-Fi networks.
- Apply Wi-Fi networks by device instead of by user. This ensures that devices can access your Wi-Fi network at the sign-in screen.
- Test your network with a single Chrome device before enrolling a large number of devices.
- If you have different networks for different organizational units, make sure you select the correct organization when you add a Wi-Fi network . For information about setting up organizational units in your Admin console, see Add an organizational unit.
Advanced setup802.1x deployment
Chrome devices support 802.1x authentication via certificates that are installed for each user on the device. Device-level 802.1x certificates are not supported. You need to be on the network to download the certificate for each user. Therefore, you should set up an open WPA/WPA2-PSK network, or use USB-to-Ethernet adapters to load the certificates on the device.
For more information, see Manage client certificates on Chrome devices.
Organizations with network-filtering devices doing Transport Layer Security (TLS) inspection (also known as SSL inspection) generally require a custom root certificate. The certificate is added to the Authorities tab in chrome://settings/Certificates. While this custom certificate works for most user-driven web requests, some system-level requests don’t use the certificate. In these cases, you shouldn't rely on it to protect the user from certain kinds of security risks.
Instead, install a custom root certificate for all users who sign in to your organization’s enrolled Chrome devices.
For more information, see Set up TLS (or SSL) inspection on Chrome devices.