By Rajat Bhargava Posted June 13, 2019
The era of cloud solutions is in full swing. Just about any piece of infrastructure or application can now be delivered from the cloud. Of course, many of these solutions have been “cloud-washed,” but others have been built directly for the cloud. One of the areas that has not kept up with the move to the cloud is identity management. IT admins have long viewed their core user identities as being too important and too sensitive to place in the cloud. However, with more critical applications and infrastructure moving off-premises, more organizations are leveraging Identity-as-a-Service platforms. A key component of cloud-based directory services is a cloud FreeRADIUS server.
Cloud FreeRadius and Identity Management
Authenticating into a WiFi network is now a core part of the process in securing the network. Most WiFi networks are fairly easy to compromise with only an SSID and passphrase for protection. Those shared credentials can easily be obtained and it is difficult and time-consuming to constantly be changing the credentials when the status of employees is frequently changing. As a result, IT admins will often look to connect their WiFi infrastructure to their core directory service so that each user will be uniquely authenticated to the network. In effect, the network is turned off for any user with just the shared SSID and passphrase until they have been authenticated. The user’s device passes their directory services credentials through the WiFi infrastructure to a RADIUS server and then on to the directory. If the user’s credentials are correct, the user is granted access to the network. If not, access is denied. The most important aspect of this approach for IT admins is the dramatic increase in security. Users only enter their credentials into the on-board supplicant once, so the user experience is seamless.
Reduction in Manual IT Labor
The challenge for a lot of IT admins is the infrastructure to pull off a WiFi authenticating network. Beyond the obvious issues of standing up servers and integrating the components, there is also the issue of where an organization’s directory is located. Many organizations that are leveraging Google Apps have no ability to authenticate WiFi users with G Suite™ Directory because it doesn’t act like a traditional directory service. A cloud FreeRADIUS service can take away the difficult work of the setup, configuration, and integration of RADIUS and the integrated cloud directory service. All of those tasks can be transferred to a SaaS-based identity management provider. G Suite can be seamlessly integrated so that a user’s G Suite credentials serve as their WiFi authentication credentials as well. The organization receives the benefits of increased security and the IT organization doesn’t have to do the time consuming and difficult tasks it would normally face.
If you would like to learn more about how a cloud FreeRADIUS system can support your WiFi security initiatives, drop us a note. We’d be happy to discuss how Directory-as-a-Service® is integrating a variety of components of modern directory services such as centralize user management, LDAP-as-a-Service, True Single Sign-On™, RADIUS-as-a-Service, device management, and more. Or, if you want to see DaaS in action, sign-up for a free account. Your first 10 users are free forever.