Passpoint is the premier tool for ensuring your users have network access while roaming, but it can be a little difficult to deploy. Fortunately, SecureW2 has a solution that integrates into your existing infrastructure to allow you to utilize Passpoint without any major network overhauls.
Below is an overview of the process.
Requirements for Passpoint with G-Suite
- A G-Suite account
- A G-Suite directory for use as an Identity Provider
- SAML app configured through G-Suite
- An active SecureW2 Cloud Connector subscription
- Passpoint-supported Access Points and Devices
Configure a G-Suite IdP
This guide assumes you’ve already been using G-Suite as your identity provider. We will connect it to the SecureW2 platform through SAML to enable Passpoint.
If you have not yet configured a user directory through G-Suite, refer to this guide. If you’d like to use it for your WPA2-Enterprise network with EAP-TLS, SecureW2 has the industry’s most secure option. Learn about it here.
“Create” an Identity Provider in SecureW2
We will pre-register an IdP in SecureW2 that will later be connected to your existing G-Suite IdP.
- In the Identity Management section, click Identity Provider
- Click Add Identity Provider and fill the Name and Description sections
- In the Type section, enter SAML and click Save
Create a SAML Application in Google Apps
- Log in to the Google Admin Console
- Click Apps and select SAML Apps
- A yellow circle will appear in the bottom right corner. Hover over it until you see Enable SSO for a SAML Application, then click it
- Click Set Up My Own Custom App
- Download the IDP metadata
- Navigate to the Identity Provider SecureW2 page, and click on the Configuration tab
- Under Identity Provider (IDP) Info, click Choose File
- Choose the downloaded metadata file, and then click Upload and then Update
- Navigate back to the Google SAML App Setup
- Enter the basic information for your app in step 3 of 5 (Application Name, Description) and then click Next
- Step 4 requires an ACS URL and EntityId from the SecureW2 Management Portal
- Navigate back to the SecureW2 Management Portal, copy the ACS URL and EntityId from the Identity Provider section, and paste them into the Service Provider Details of the Google SAML App Setup
- Check the box for Signed Response in the Google Admin page, click Next and Finish
Enable Passpoint with G-Suite
Now that your G-Suite account is connected to SecureW2, you have access to the tools needed to implement Passpoint on your network.
You just need three more things:
- Onboarding Client
- OSU Server
- Remediation Server
Onboarding Users for Passpoint
To avoid the burden of manually adding each user (or worse, asking them to self-enroll), you’ll need an onboarding client.
SecureW2 is well-known for its automatic onboarding software. Our management portal allows you to create and push a config package to MDM/AD-Domain managed devices or BYODs which prompts the end user to begin the automatic enrollment and subsequent self-configuration for their device. It’s a quick, foolproof way to get all of your users onboarded for your network and Passpoint.
Passpoint r2 and beyond allow users to self-enroll through an OSU (Online Sign Up) server, a process very similar to our own onboarding software. It also requires you to set up a Remediation server for users who fail to enroll, usually because their device OS isn’t updated. The remediation server provides limited network access to help users troubleshoot their issue and correctly configure their device.
SecureW2 Enables Passpoint for G-Suite
Ready to deploy Passpoint on your network to enable roaming for users without a major infrastructure overhaul? SecureW2 can integrate into your existing network and fill in the gaps without any forklift upgrades.
We have affordable options for organizations of all sizes. Click here to see our pricing.