Apple Open Directory WiFi/RADIUS Authentication

Written by Rajat Bhargava on March 4, 2016

Share This Article

Are you looking to connect your WiFi infrastructure to Apple Open Directory through RADIUS integration? If so, you are already aware  that you are taking a significant step towards WiFi security by connecting it to your directory service. You also know that the process of integrating all of those components together can be time-consuming and challenging. There are at least four moving parts: your endpoints, WiFi access points, your RADIUS servers, and the core user directory. These four components are all a part of the equation in order to enable WiFi authentication. Rather than building and maintaining all of these components, a RADIUS-as-a-Service platform can support all of these issues.

Enabling WiFi Authentication

Apple Open Directory and RADIUS

For organizations that are leveraging Apple Macs, Apple Open Directory is often the best choice for directory services. In order to connect Open Directory  to your WiFi infrastructure, there is an intermediary service required. That service is RADIUS. By leveraging the RADIUS server, user credentials are passed from the user leveraging a supplicant through the WiFi access point to the RADIUS server. And, subsequently, the RADIUS server will authenticate those credentials with the directory service. The benefit of this approach for IT is that it dramatically increases the security of the WiFi network.

Directory-as-a-Service® and RADIUS

The real challenge for IT admins is integrating all of these components and running them efficiently. Today, there are third-party outsourced platforms that can assist IT organizations with their WiFi authentication challenges. A Directory-as-a-Service platform provides many of the components as a SaaS-based service. Specifically, the core user directory service is provided as a virtual directory service. IT admins simply add their users. They do not, however, have to manage the hardware or the software for the directory service. In addition, the Directory-as-a-Service platform adds the ability to run the RADIUS infrastructure for the organization. A global network of RADIUS servers is provided. Each organization will direct their WiFi access points to this server. The RADIUS-as-a-Service functionality will then communicate with the cloud directory service to authenticate user credentials. By outsourcing the WiFi authentication components, IT organizations can quickly implement the ability to secure their wireless networks.

Directory-as-a-Service is a cloud-based directory service that securely connects users to the IT resources they need, regardless of platform, protocol, or the location of the user or IT resource. The core functionality of the platform includes centralized user management, LDAP-as-a-Service, RADIUS-as-a-Service, True Single Sign-On™, device management, and more.

If you would like to learn more about how DaaS can support your identity management efforts, drop us a note. We’d be happy to discuss it with you. Or, alternatively, feel free to sign-up for a free account. Your first 10 users are free forever.

Continue Learning with our Newsletter