Modern Passwordless RADIUS Designed for Cloud Identities

The only Cloud RADIUS solution that doesn’t rely on legacy protocols that leave your organization susceptible to credential theft.

Why Cloud RADIUS?


Passwords account for over 60% of network breaches according to Verizon. Password-based authentication has always been vulnerable to Over-the-Air attacks, but with the rise of the Cloud and Remote Work, are now being sent out of your network and through the internet. This is why industry titans like Microsoft and security agencies like CISA have recommended moving away from passwords and adopting certificate-based network authentication.

Certificates only communicate their public key over the air, can’t be exported from their device, contain user and device contextual identification for Zero Trust Policies, and are the gold standard of security. RADIUS servers that authenticate via username and passwords have shown time and again to be vulnerable to credential theft. SecureW2’s Cloud RADIUS makes passwordless easy.

How Does Cloud RADIUS benefit you?

Icon Paragraph Block

100% Passwordless, No More LDAP Dependence

No more LDAP & AD servers. Retire your passwords for network security.

Icon Paragraph Block

Cloud-Identity Powered Network Security

Designed with native integration to Azure AD, Okta, and Google environments to leverage all your existing policies for ultra-secure network authentication.

Icon Paragraph Block

Device & User Context

Digital Certificates are at the heart of EAP-TLS security, which provides both device and user context for Zero Trust Network Security.


  • Enforce Policies with Real-Time User Lookup against Azure, Okta, & G-Suite.
  • Designed for Passwordless Certificate-Based Security.
  • MDM Integration via Gateways for Corporate and IoT Devices.
  • Industry-Unique Access Policy Engine Designed for Azure, Okta, & G-Suite.
  • Including Self-Service 802.1x Setup Software for All Operating Systems.
  • Single-Pane Management Software for AAA, Onboarding & Certificate Lifecycle Management.

As an organization we had an initiative to move everything to the cloud. SecureW2 allowed us to remove our reliance on AD, and use our Azure AD directly for our Wi-Fi and VPN authentication.

Senior Infrastructure Engineer


What Identity Providers does Cloud RADIUS work with?

Cloud RADIUS performs certificate-based authentication, rather than password-based, so you can use any Identity Provider to issue and manage the certificates used for authentication. Cloud RADIUS can also be configured to perform an additional run-time authentication, by verifying user, group, or device status within a directory. This additional verification has currently been tested with Azure AD, Okta, and Google.

Does Cloud RADIUS Support LDAP?

Yes and no. While LDAP can be used to enroll a user or machine for a certificate, Cloud RADIUS will not use LDAP to authenticate or authorize any users. LDAP uses passwords, which are unsafe over the air and through the cloud.

Do I need a PKI to use Cloud RADIUS?

Yes. RADIUS passwordless security typically requires a Public-Key Infrastructure (PKI), which deploys digital certificates to a wide variety of devices. The tightly integrated JoinNow Connector Cloud PKI can be bundled with your Cloud RADIUS service, or you can use your existing PKI.

Why should I consider transitioning away from password-based network authentication?

Numerous organizations around the world are sounding the alarm when it comes to the insecurity of credentials. NIST, Microsoft, and CISA have all advised businesses to move away from passwords for various security reasons. Certificate-based authentication checks multiple boxes: it’s more secure, cost-effective, and believe it or not user friendly as it eliminates network disconnects when passwords keep rotating.

Can I use multiple different Identity Providers?

Yes. Customers come to us with multiple Azure AD organizations, or different teams using different Vendors like Google or Okta. Cloud RADIUS can be configured to verify user, group, and device identities in real-time from multiple different Identity Providers, giving you a centralized authentication platform for all your Identity Infrastructures.

I have Multi-Factor Authentication (MFA). Isn’t that passwordless?

True, however, MFA is not really practical for Wi-Fi / Wired security as devices move around the campus triggering numerous re-auths. While MFA is better than static usernames and passwords, they have their challenges. This is why security agencies like CISA have recommended certificate-based authentication over MFA. While many do, not all VPN infrastructure can support certificate-based authentication. For those customers, SecureW2 offers native Azure MFA integration on Cloud RADIUS.