By Greg Keller Posted July 11, 2019
Most organizations have moved from traditional wired networks to wireless networks.
Wireless is easier to manage, more cost-effective, and more agile.
Users love WiFi. They can work wherever they want in the building or space, there are no cords, and they can always stay connected. But for IT admins, the benefits of implementing WiFi do come with some drawbacks – namely in how to manage WiFi users.
WiFi and Security
WiFi doesn’t have a reputation for being the most secure IT platform. Wireless access points have traditionally been secured through an encrypted connection – either WEP or WPA. Access to the network is controlled through an SSID and passphrase.
Anybody who has the SSID and passphrase is able to connect to the network. In larger offices, common credentials can spread quickly. As users come and go, if the credentials aren’t updated, then the network is at risk. Terminated employees and former contractors will still have access.
For tiny organizations this is generally fine. Updates to the passphrase can be easily communicated. But that’s not the case for larger WiFi environments. So what can organizations do?
It Starts with Unique User Identities
The two major approaches to managing WiFi users both share a common theme: dramatically increasing the security of the WiFi platform comes from requiring users to connect to the network uniquely.
With unique user credentials, there isn’t a common password that enables access. Each user must have their own username and password. Users can be added and terminated independently of one another, ensuring that only the users you intend can access the network.
LDAP & RADIUS – The Two Approaches to Manage WiFi Users
You can manage WiFi users by connecting the wireless network either directly to LDAP or to other directory services via RADIUS.
In both cases, a user’s general credentials are utilized as the entry point. But the processes diverge when it comes to how they connect to the WiFi network.
If the wireless network is connected to LDAP, users will connect to the network via the usual SSID and passphrase. From there a login portal will appear via their browser. The user enters their credentials and they are granted access.
If the wireless network leverages RADIUS to connect to directory services, then the same process is followed except that the individual’s credentials are entered into the RADIUS supplicant once. From then on, the user is automatically granted access. Users must supply unique credentials in order to access the network.
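The contrast between a shared passphrase and per-user credentials over RADIUS, shown as an added access point configuration (not from the original article or from JumpCloud). It assumes a hostapd-based access point; the SSID, passphrase, IP addresses, NAS identifier and shared secret are constructed placeholders.

```conf
# ---------------------------------------------------------------
# Variant A: shared passphrase (WPA2-Personal)
# Anyone who knows the passphrase can join. Removing one person
# means changing the passphrase for every user and device.
# ---------------------------------------------------------------
interface=wlan0
# Constructed SSID
ssid=ExampleCorp
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
# Placeholder shared secret known to every user
wpa_passphrase=CHANGE-ME-shared-passphrase

# ---------------------------------------------------------------
# Variant B: per-user credentials (WPA2-Enterprise, 802.1X/RADIUS)
# Use INSTEAD of variant A, in its own hostapd.conf.
# The access point holds no user passwords. It relays each user's
# EAP exchange to the RADIUS server, which checks the credentials
# against the central user directory.
# ---------------------------------------------------------------
interface=wlan0
ssid=ExampleCorp
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
# Require 802.1X authentication before granting network access
ieee8021x=1
# Identity of this access point toward the RADIUS server
# (documentation-range address and constructed name)
own_ip_addr=192.0.2.10
nas_identifier=ap-example-01
# RADIUS server that fronts the directory (placeholder address)
auth_server_addr=192.0.2.20
auth_server_port=1812
# Secret shared between this AP and the RADIUS server only,
# never given to end users
auth_server_shared_secret=CHANGE-ME-radius-secret
```

With variant B, disabling a user in the directory behind the RADIUS server causes that user's next authentication to fail, without changing anything on the access point or for other users.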
Advantages to RADIUS
The beauty of the second approach is that the IT admin can control and manage access in one place: the central, authoritative user directory.
JumpCloud’s Directory-as-a-Service™ is granting organizations the ability to tightly control WiFi access. IT admins can leverage JumpCloud’s RADIUS server endpoint or connect to JumpCloud via their own RADIUS server.
LDAP as a Viable Alternative
If an IT organization would prefer to leverage LDAP, they aren’t out of luck. Hosted LDAP is a core part of the Directory-as-a-Service platform. Users can be centrally managed within the JumpCloud platform. From your web browser, the power to control who is granted WiFi access – and who is not – is at your fingertips.
Want Better WiFi Management?
If you would like to level up your WiFi management and security, check out Directory-as-a-Service. Our clients tell us it’s an easy way to take the next step in centralizing control over their users and effectively managing access to the IT resources they need. Plus, you can sign up for a free account today, and you’ll get the chance to evaluate the product with 10 users included for free.