UPDATE ......From Tuesday 8 April 2025 we have changed the way that Single Sign-on works on this wiki. Please see here for more information:
Update
...
Here is a break-down of anonymous outer identity support for some popular EAP types:
| EAP-Type | Support for anonymous outer identites |
|---|---|
| EAP-TTLS | yes |
| PEAP | yes |
| EAP-FAST | yes |
| EAP-TLS | support in protocol, but not typically available in supplicants |
| EAP-PWD | no |
If the EAP type allows for the use of outer identities, it is a client device configuration option to either make use of them or not; there is little you as an IdP can do to force the use of anonymous outer identities (except for providing and encouraging the use of pre-configured installers which will then make all the necessary settings on the client device automatically).
...