Deployment Timeline
Merging existing organizations presents a range of challenges that either organization may overlook –
especially when it comes to security. This was the case when our customer, having just acquired another company, was planning to merge with their acquisition and wanted to align their network security
practices.
They reached out to us at the beginning of 2022. Our support team worked with them to understand their needs and tailor a solution to those needs, ensuring that the customer was able to deploy it within a month.
Challenges
The first challenge to arise was the newly merged company’s desire to move beyond Microsoft Active Directory as its source of truth. With more office locations to manage since the merger, it was more important than ever that they be able to move as much of their infrastructure to the cloud as possible.
But a cloud-hosted RADIUS server that could integrate with Okta wasn’t all they needed. Interestingly, the organization had already established its own PKI, and one challenge they were running into was deploying certificates from it to their managed Chromebooks.
So, on top of a RADIUS service, they were on the lookout for a unique solution that would allow them to deploy certificates from their own PKI to their numerous devices. At SecureW2, we pride ourselves on being able to tailor solutions to each customer challenge that arises – and we were happy to rise to the occasion once again.
Solution
How SecureW2’s PKI and Chromebook Extension Work
The first step was simple: deploying Cloud RADIUS across the organization’s network. As the name implies, Cloud RADIUS is a cloud-native service, which means it’s scalable across large networks; employees can authenticate to it from any location across the globe. This was an appealing quality for a large enterprise that had just merged with another, bringing numerous offices into the fold.
Additionally, Cloud RADIUS is vendor-neutral. It can integrate with any major Identity Provider, including Okta. With its powerful identity lookup capabilities, it can even interface with Okta in real-time at the time of authentication in order to provide the most up-to-date policies from your directory.
However, far and away the most significant benefit Cloud RADIUS offered to the company was its passwordless design. Cloud RADIUS was created for passwordless, certificate-based authentication, which made it a hand-in-glove solution for this organization, which was working on deploying its own digital certificates.
One other issue needed to be addressed: deploying certificates to their managed Chromebooks. Their existing PKI had no extension for enrolling Chromebooks due to the format of its certificate templates, but SecureW2 has experience with this issue. Chromebooks are also unique in that users generally can’t just install any software they want; they can, however, install extensions.
This would normally mean that customers can’t install the dissolvable client necessary for our onboarding solution to function properly. However, we have created a special extension that achieves the same goal of self-service certificate enrollment on Chromebooks.
Evaluating Success
Today, while the enterprise continues to adjust to its merger, it no longer needs to worry so much about the security of its Wi-Fi. Cloud RADIUS authenticates every user and device that attempts to access their network, protecting valuable company resources from the dangers of unauthorized access.
Each new device is automatically enrolled for certificates from their CAs, thanks to SecureW2’s unique Chromebook extension. Employees don’t need to do anything themselves when they’re onboarded; certificates are installed for them, ensuring seamless connectivity and productivity.
Once the certificates are installed on the device, Cloud RADIUS can search for the user in Okta at the time of authentication. The end result is that their IT team can rest assured that their updates to policies in Okta are effortlessly extended to their network authentication with no additional effort on their part.
We asked them what they felt the best part of the experience was. Without any hesitation, Antonin replied: