Want to learn the best practice for configuring Chromebooks with 802.1X authentication?

Sign up for a Webinar!
Case Studies

Financial Enterprise Invests in Wi-Fi Security with Cloud RADIUS

Cloud Radius
Microsoft Active Directory
Case Study Hero BG

Deployment Timeline

Merging existing organizations presents a range of challenges that either organization may overlook –
especially when it comes to security. This was the case when our customer, having just acquired another company, was planning to merge with their acquisition and wanted to align their network security

They reached out to us at the beginning of 2022. Our support team worked with them to understand their needs and tailor a solution to those needs, ensuring that the customer was able to deploy it within a month.


The first challenge to arise was the newly merged company’s desire to move beyond Microsoft Active Directory as its source of truth. With more office locations to manage since the merger, it was more important than ever that they be able to move as much of their infrastructure to the cloud as possible.

Quote Left Icon
We knew we wanted to add RADIUS authentication to our Wi-Fi security, but we didn’t want to depend on on-prem Microsoft Active Directory to do it. We were moving to Okta as our source of truth, and we looked at RADIUS servers that could integrate with it, which is how we found Cloud RADIUS

But a cloud-hosted RADIUS server that could integrate with Okta wasn’t all they needed. Interestingly, the organization had already established its own PKI, and one challenge they were running into was deploying certificates from it to their managed Chromebooks.

So, on top of a RADIUS service, they were on the lookout for a unique solution that would allow them to deploy certificates from their own PKI to their numerous devices. At SecureW2, we pride ourselves on being able to tailor solutions to each customer challenge that arises – and we were happy to rise to the occasion once again.


How SecureW2’s PKI and Chromebook Extension Work

The first step was simple: deploying Cloud RADIUS across the organization’s network. As the name implies, Cloud RADIUS is a cloud-native service, which means it’s scalable across large networks; employees can authenticate to it from any location across the globe. This was an appealing quality for a large enterprise that had just merged with another, bringing numerous offices into the fold.

Additionally, Cloud RADIUS is vendor-neutral. It can integrate with any major Identity Provider, including Okta. With its powerful identity lookup capabilities, it can even interface with Okta in real-time at the time of authentication in order to provide the most up-to-date policies from your directory.

However, far and away the most significant benefit Cloud RADIUS offered to the company was its passwordless design. Cloud RADIUS was created for passwordless, certificate-based authentication, which made it a hand-in-glove solution for this organization, which was working on deploying its own digital certificates.

One other issue needed to be addressed: deploying certificates to their managed Chromebooks. Their existing PKI had no extension for enrolling Chromebooks due to the format of its certificate templates, but SecureW2 has experience with this issue. Chromebooks are also unique in that users generally can’t just install any software they want; they can, however, install extensions.

This would normally mean that customers can’t install the dissolvable client necessary for our onboarding solution to function properly. However, we have created a special extension that achieves the same goal of self-service certificate enrollment on Chromebooks.

Quote Left Icon
SecureW2’s support team worked with us to tie in our existing Certificate Authorities with their solution. Their extension allows us to automatically deploy certificates to every Chromebook on our network, which saves our IT department so much time

Evaluating Success

Today, while the enterprise continues to adjust to its merger, it no longer needs to worry so much about the security of its Wi-Fi. Cloud RADIUS authenticates every user and device that attempts to access their network, protecting valuable company resources from the dangers of unauthorized access.

Each new device is automatically enrolled for certificates from their CAs, thanks to SecureW2’s unique Chromebook extension. Employees don’t need to do anything themselves when they’re onboarded; certificates are installed for them, ensuring seamless connectivity and productivity.

Once the certificates are installed on the device, Cloud RADIUS can search for the user in Okta at the time of authentication. The end result is that their IT team can rest assured that their updates to policies in Okta are effortlessly extended to their network authentication with no additional effort on their part.

We asked them what they felt the best part of the experience was. Without any hesitation, Antonin replied:

Quote Left Icon
Working with the SecureW2 support team was fantastic. It was clear to us that they were experts, and not only were able to find a solution that worked with our current infrastructure – they helped us deploy it.