Many IT organizations have been interested in leveraging G Suite passwords for their WiFi authentication. The mechanism that a lot of these organizations would like to use for this is FreeRADIUS. The idea would be to connect the WiFi network to the FreeRADIUS server which would then authenticate the user’s access to the G Suite directory.
While this process makes great sense in theory, the G Suite directory doesn’t work that way. G Suite (formerly known as Google Apps) isn’t an identity management platform. The good news is that there is another solution that can make this work with both G Suite and FreeRADIUS for WiFi authentication – it’s called Directory-as-a-Service®.
Envision Increased Security For WiFi Authentication
The vision here is simple. Leverage the G Suite password to be the central identity for a user. Have the user leverage their G Suite credentials to access their laptop or desktop, AWS cloud servers, on-prem and cloud applications, and the WiFi network. Specifically, with the case of authenticating access to the WiFi network, the IT organization would connect the WAPs to a FreeRADIUS server which would authenticate to the directory service.
It’s a vision that significantly steps up the security of the WiFi network. IT admins realize that a shared SSID and passphrase is not enough to secure the wireless network and that integrating RADIUS would enforce unique network access.
Vision Becomes Reality With JumpCloud®
The path to achieving this vision is to leverage Directory-as-a-Service®. The cloud-hosted directory service accomplishes a number of the pieces. Directory-as-a-Service has two major components: RADIUS-as-a-Service and the core, authoritative directory service.
The first step is to integrate the cloud directory with G Suite. This enables the cloud identity provider to be the authoritative source of truth for identities. You can provision, deprovision, and modify users within G Suite from Directory-as-a-Service. With the user’s G Suite credentials within the cloud directory, it is then possible to move to the next step. That step is to connect the wireless access points to the cloud RADIUS endpoints within the IDaaS platform. The virtual FreeRADIUS server automatically connects with the onboard directory service. The user then simply enters their G Suite credentials into the onboard supplicant on each machine. The supplicant then sends the credentials to the WAP, which in turn forwards them off to the RADIUS-as-a-Service solution. That RADIUS server determines through the directory service whether the credentials are correct or not. That completes the circle to authenticate the user via the cloud FreeRADIUS server.
Witness DaaS Integration with G Suite and FreeRADIUS
If you would like to learn more about G Suite and FreeRADIUS and how to authenticate your WiFi networks, drop us a note. We think that you will be impressed by the integration of our Directory-as-a-Service platform with G Suite and FreeRADIUS.