Secure RADIUS for WiFi Authentication

Written by Rajat Bhargava on August 8, 2016

Share This Article

WiFi authentication is an important problem to solve in today’s organizations.

IT has largely shifted from wired networks to wireless. This has led to increased productivity for end users, less cost for IT, and greater flexibility across the board.

But WiFi networks have also brought challenges for IT, the biggest of which has been WiFi security. The signal is no longer protected by cabling, but is in the open air. That means that anybody that is in range of the connection potentially has access. IT organizations are leveraging a secure RADIUS approach for their WiFi authentication to solve this issue.

Weaknesses of Conventional RADIUS Authentication


Unfortunately, it is difficult to finely control the signal for WiFi networks – and that can lead to people having access who aren’t supposed to have access.

Often you turn up the gain so that the signal can reach all of your users and Internet connectivity is available throughout your office. The downside of that is that your signal is visible outside of your facilities as well. Your neighbors below you, in the parking lot outside of you, and in the building next door can all access your network.

Historically, IT organizations would simply secure their network with WEP or WPA encryption.

But today, most IT admins know that those protocols aren’t secure and can often be hacked with open source tools. Further, the SSID and passphrase to enter the WiFi network are often just passed along in emails or via word of mouth. So when an employee is terminated, the IT group needs to change the passphrase… causing disruption to the workforce.

More Efficient and Secure WiFi Authentication


There is a better way to secure your WiFi authentication and reduce the chances of a breach.

You connect your WiFi infrastructure to your central user directory. This connection is done via a secure RADIUS implementation and as a result, each user is required to uniquely authenticate to your network. A common SSID and passphrase no longer gets them on to the network.

Here’s how it works.

The WiFi access points are connected to a RADIUS server. The server then is connected to the identity provider. When a user logs on to the network, the operating system passes the user’s credentials along to the access point which in turn passes them up to the chain to the RADIUS server. The RADIUS server validates the credentials with the directory server and then—if all is good—the user is let on to the network. The user must have unique credentials that match those in the directory server.

This approach is a significant step up in security for an organization. The challenge becomes how to implement this elegant, secure approach.



A secure cloud RADIUS implementation saves IT admins significant amounts of time. Inclusive of a core, cloud-based directory service, the JumpCloud® RADIUS-as-a-Service functionality is an all-encompassing service to securely connect users to their WiFi networks leveraging directory authentication.

Leveraging a variety of RADIUS protocols including the standard PEAP protocol, JumpCloud’s secure cloud RADIUS service is easy to implement across an entire organization. With only simple configuration of the WiFi access point to authenticate via the cloud RADIUS server and virtual directory service, IT admins can implement a secure WiFi authentication approach quickly and cost-effectively.

Get Started for Free

If you would like to learn more about the JumpCloud Directory-as-a-Service® platform and how it can help implement virtual RADIUS services for you, drop us a note. Or, give JumpCloud’s RADIUS-as-a-Service functionality a try here. Your first 10 users are a free forever.

Continue Learning with our Newsletter