Integrating SecureW2 with Microsoft NPS

Integrating SecureW2 with Microsoft NPS

SecureW2’s onboarding solution requires no forklift upgrades and leverages existing infrastructure to integrate with your RADIUS. Our solutions work with all major RADIUS vendors and allow for a smooth transition into certificate-based authentication. Along with the security and network visibility benefits of certificates, they can be utilized for SSL inspection, VPN, wired security, and much more, making a certificate platform a valuable multi-use tool at your disposal. The setup below will demonstrate how to integrate with an existing RADIUS to authenticate x.509 certificates for secure Wi-Fi access.

To complete this setup, you will need to have configured:


  • A SecureW2 Network Profile
  • A Microsoft NPS RADIUS Server
  • An Identity Provider


Adding a Network Policy

  1. Go to Windows > Run > MMC
  2. In the Console, navigate to File > Add/Remove Snap-in
  3. In the Add/Remove Snap-in window, select Network Policy Server from the Available snap-ins, and click Add
  4. In the Select Computer window, select Local Computer, and click OK

Adding the Network Policy Server (NPS)

  1. In the Add/Remove Snap-in window, click OK
  2. In the Console, navigate to NPS (Local) > Policies > Network Policies
  3. In the Actions pane on the right, click New under Network Policies and the New Network Policy wizard will appear
  4. In the Specify Network Policy Name and Connection Type page, enter the Policy Name and click Next
  5. In the Specify Conditions page, click Add and the Select condition page appears
  6. Select NAS Port Type, and click Add, and the NAS Port Type window appears
  7. From the Common 802.1X connection tunnel types section, select Wireless – IEEE 802.1, and click OK
    • The condition gets added to the Specify Conditions page
  8. Click Next and the Configure Authentication Methods window appears
  9. Under EAP Types, click Add and the Add EAP window appears
  10. Select Microsoft Smart Card or other certificate, and click OK
  11. De-select all the other check boxes under Less secure authentication methods and click Next
  12. In the Configure Constraints window, click Next
  13. In the Configure Settings window, click Next
  14. In the Completing New Network Policy window, click Finish

Configuring Network Policy for EAP-TLS

Connecting the RADIUS Client

  1. Go to Windows > Run > MMC
  2. In the Console, navigate to NPS (Local) > RADIUS Clients and Servers > RADIUS Clients
  3. In the Actions pane on the right, click New RADIUS Clients and the New RADIUS Client window appears
  4. Enter a Name and the IP address in the Friendly name and Address (IP or DNS) fields, respectively
  5. Enter the shared secret in the Shared secret and Confirm shared secret fields, and click OK

Creating a RADIUS Client

Downloading the Root and Intermediate CA from SecureW2

  1. Go to the SecureW2 JoinNow MultiOS and Connector Management Portal
  2. Navigate to PKI Management > Certificate Authorities
  3. Download both the Root and Intermediate CAs for the organization

Installing certificates onto the management server

Installing the Root and Intermediate Certificates

  1. Go to your server where you want to install your the certificates
  2. Go to Windows > Run > CMD and go to the folder where you have saved your certificates
  3. To install the certificates, run the following command consecutively for both the certificates:
C:\Certificates Folder> certutil -dspublish -f <certificate name>

Installing the Certificate Authority on the server

Concluding Thoughts

Once completed, SecureW2 solutions will have fully integrated with the existing Microsoft NPS RADIUS. By leveraging the infrastructure already in place with a WPA2-Enterprise network, wireless connection can be easily achieved by users and allow them to avoid disconnections due to password expiration policies. For network administrators, the ability to remotely diagnose and address connection issues, as well as tie every user and device to a network connection, will greatly reduce the number of wireless connection support tickets. So if you’d like to try out SecureW2, or have any questions about how we integrate with Microsoft NPS RADIUS server, drop us a line! We are happy to introduce a network professional with an Microsoft NPS expert to facilitate a free trial and show how easy it can be to deploy certificate-based authentication.

Microsoft NPS is either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Other trademarks, logos and service marks used in this site are the property of SecureW2 or other third parties.

  • Email addresses from free providers (Gmail, Hotmail, etc.) will not be accepted.
  • This field is for validation purposes and should be left unchanged.