G Suite And FreeRADIUS For WiFi Authentication

By Vince Lujan Posted December 5, 2019

Many IT organizations are interested in leveraging G Suite passwords for WiFi authentication. The common thought is to connect the WiFi network to a FreeRADIUS server, which would then authenticate user credentials against the G Suite directory. 

Unfortunately, G Suite (formerly Google Apps™) doesn’t offer the capability to integrate with FreeRADIUS servers. The good news is that JumpCloud Directory-as-a-Service® can import G Suite identities and provide WiFi authentication via FreeRADIUS using G Suite credentials.

Envision Increased Security For WiFi Authentication

The vision here is simple: 

  1. Leverage G Suite credentials as the central identity for a user. 
  2. Have the user utilize their G Suite credentials to access their laptop or desktop, AWS® cloud servers, on-prem and cloud applications, and the WiFi network. 

Specifically, in the case of authenticating network access via WiFi, the IT organization connects the WAPs to a FreeRADIUS server which would authenticate to the directory service. 

It’s a vision that significantly enhances the security of the WiFi network. IT admins realize that a shared SSID and passphrase is not enough to secure the wireless network and that integrating RADIUS enforces unique network access. This integration makes it so each user has their own unique set of credentials for network access. 

Vision Becomes Reality With JumpCloud®

The path to achieving this vision is to leverage Directory-as-a-Service®. The cloud-hosted directory service accomplishes a number of the pieces. Directory-as-a-Service has two major components in this respect: RADIUS-as-a-Service and the core, authoritative directory service. 

The first step is to integrate the cloud directory with G Suite. This enables the cloud identity provider to become the authoritative source of truth to manage G Suite user identities. You can provision, deprovision, and modify users within G Suite from Directory-as-a-Service. 

With the user’s G Suite credentials within the cloud directory, it is then possible to move to connect the wireless access points to the cloud RADIUS endpoints within the IDaaS platform. The virtual FreeRADIUS server automatically connects with the onboard directory service. 

The user then simply enters their G Suite credentials into the onboard supplicant on each machine. The supplicant then sends the credentials to the WAP, which in turn forwards them off to the RADIUS-as-a-Service solution. 

The main event occurs when the RADIUS server determines whether the credentials are correct or not through the directory service. Thus, it completes the circle to authenticate the user via the cloud FreeRADIUS server.

Additional Benefits

Note that the benefits of the JumpCloud / G Suite integration are not limited to RADIUS authentication for WiFi either. JumpCloud admins can import and extend G Suite credentials to virtually any IT resource via the comprehensive Directory-as-a-Service platform. 

In other words, in addition to WiFi authentication via RADIUS, JumpCloud users can authentication and gain access to their systems, applications, files, and networks. All of this is possible while preserving the original G Suite user credentials. 

Witness DaaS Integration with G Suite and FreeRADIUS  

Video Embedded: Configuring RADIUS: https://youtu.be/huYGqYExoxs

If you would like to learn more about G Suite and FreeRADIUS and how to authenticate your WiFi networks, drop us a note. We think that you will be impressed by the integration of our Directory-as-a-Service platform with G Suite and FreeRADIUS.

Vince Lujan

Vince is a writer and videographer at JumpCloud. Originally from a small village just outside of Albuquerque, he now calls Boulder home. When Vince is not developing content for JumpCloud, he can usually be found doing creek stuff.

Recent Posts