Documentation

Integration with Identity Providers for RADIUS Authentication

JoinNow Cloud RADIUS is the industry’s only RADIUS Server that performs enhanced certificate-based authentication and runtime-level policy enforcement. This means that at the moment of authentication, it can validate a user/device/group’s status securely inside your Cloud Identity Provider. This empowers organizations to offer granular zero-trust policies that can be enforced in real-time. To learn more, read the documentation we have created on our cloudradius.com website.

Integration with Identity Providers for Certificate Issuance

SecureW2 acts as an authority to verify user identities and issue X.509 certificates. It integrates with the SAML provider’s user database and uses a Public Key Infrastructure (PKI) to authenticate user data that is contained in the SAML application. This ensures that users connect to the authentic SAML provider, and vice versa. When a user enters their credentials in the SAML application, the identity provider (IDP) verifies the user’s identity and returns attributes for the user. These attributes serve as network rules that determine the user’s access rights, which network segments/resources they can use, and more. SecureW2 encodes these attributes on the certificate it issues, and then installs the certificate on the user’s device. This is helpful for authenticating access to Wi-Fi, VPNs, Web Apps, and Email.

MDM/EMM Integrations for Certificate Lifecycle Automation

The onboarding process for MDMs has always been a struggle, primarily due to the necessity of manually connecting each device to the network. The SecureW2 MDM solutions utilize a SCEP Gateway to enroll MDMs for network access and automatically push out certificates. This solution integrates with MDMs from all major vendors and, once configured, distributes certificates without end-user interaction.

Setting up RADIUS on Wireless Controller/Access Points

To control who has access to a secure network, each user who attempts to connect needs to be efficiently and accurately identified as approved or unapproved. A RADIUS server is instrumental in this process. The RADIUS server first verifies that the user is connecting through the correct authentication protocol, such as EAP-TLS. Once that is confirmed, the RADIUS server analyzes the certificate to identify the user and determine whether they are allowed to be on the network. If they are, they are authorized and directed to the secure SSID for protected network use.

Setting up Onboarding SSIDs on Wireless Controllers/Access Points

An onboarding SSID is an SSID that end users can connect to in order to easily onboard their devices for secure network access. It is an open SSID with a Walled Garden/ACL so that end users can only access onboarding-related resources, such as SecureW2, the Google Play Store, your Identity Store, and so on. After their devices are onboarded, they are migrated to the secure SSID for secure, encrypted network access.