RADIUS Authentication with Google Identity-as-a-Service

Written by Vince Lujan on November 29, 2017

Share This Article

Organizations the world over are shifting away from on-prem infrastructure in favor of the cloud. Many of those organizations are leveraging G Suite as their productivity platform, and some go even further to leverage Google Identity-as-a-Service (IDaaS) to authenticate users to Google Apps and a few select web applications. With so much of business being conducted on Google Cloud Platform (GCP) these days and G Suite is core infrastructure, securing access to these cloud based resources is critical – including access to the network itself.

One of the best ways to improve the security of your WiFi networks is through the Remote Authentication Dial-In User Service (RADIUS). That is why a common question we get is how to achieve RADIUS authentication with Google Identity-as-a-Service. Before we answer that question, we should discuss why RADIUS authentication is valuable.

The Value of RADIUS Authentication

WiFi networks are the norm at virtually all organizations today. While there are tremendous benefits to WiFi, there are some serious security drawbacks as well.

One major challenge with WiFi authentication is ensuring that only authorized individuals have access to the network and, subsequently, an organization’s resources. Fortunately, there are a few approaches that can effectively mitigate this challenge.

The most common approach to WiFi authentication in use today comes in the form of a shared SSID and passphrase. Shared SSID and passphrase authentication can be effective at keeping the majority of unauthorized users at bay, but it doesn’t offer the capability to easily control who is accessing your WiFi network because anyone with the SSID and passphrase effectively has full access. Even if you have a “café style” network where there is very little on-prem, your users are on the network and their devices are conduits to your critical systems, applications, and data.

That’s where RADIUS comes into play. Leveraging a RADIUS server can help create unique access to your WiFi for each person on your network. The advantage of this approach is that SSIDs and passphrases are no longer shared across multiple users. By controlling access with credentials unique to each individual user, IT admins can ensure that only authorized users are allowed into the network.

The trouble is that Google Identity-as-a-Service does not natively provide support RADIUS authentication. So to answer the question, if you are a G Suite customer, can your user’s leverage their G Suite credentials for WiFi access via RADIUS? The answer is yes, if you leverage a complementary solution to G Suite called Directory-as-a-Service®.

RADIUS Authentication with JumpCloud

JumpCloud includes RADIUS-as-a-Service as part of their larger Directory-as-a-Service platform. Directory-as-a-Service also offers G Suite directory sync capabilities allowing IT admins to easily import Google user identities into JumpCloud. The combination of these two capabilities empowers IT to implement RADIUS authentication using an individual’s unique Google credentials. You simply point your wireless access points to the hosted RADIUS service in the cloud and Directory-as-a-Service does the rest for you.

The advantage is that access to WiFi, and subsequently access to the breadth of Google’s cloud computing capabilities, can now be managed remotely from a centralized location in the cloud. Further, because RADIUS authentication with JumpCloud is backed by a comprehensive cloud-based directory, IT admins can federate imported Google identities to provision access to additional resources previously unavailable with Google IDaaS alone.

The best part is that RADIUS authentication is only one of many aspects of Directory-as-a-Service. By leveraging the wide array of other functionalities of the JumpCloud platform to manage all of their IT resources, both in the cloud and on-prem, admins have greater control over the entirety of their IT infrastructure – all the while integrating seamlessly with Google IDaaS and existing Google identities.

Learn More about WiFi Management with RADIUS

To learn more about how Directory-as-a-Service can provide RADIUS authentication with Google Identity-as-a-Service, drop us a note. You can also sign up for a free account and secure WiFi access with RADIUS-as-a-Service today. Your first ten users are free forever.

Vince Lujan

Vince is a writer and video specialist at JumpCloud. Originally from the horse capital of New Mexico, Corrales, he has lived in Boulder, Colorado for three years. When Vince is not developing content for JumpCloud, he can usually be found at the Boulder Creek.

Continue Learning with our Newsletter