By Zach DeMeyer Posted December 16, 2019
With more IT networks leveraging wireless technology, some are curious as to how Microsoft® Active Directory® (AD) can manage access to WiFi. There are several ways to sync AD with WiFi networks, but not all of them are easy. Let’s talk about how to go about it.
The Evolution of the Network
Historically, the IT network was wired. Snaking Ethernet cables connected on-prem Windows®-based systems and applications together so that users leveraging their laptops and desktops could access what they needed. As the internet became a standard, this physical internal network served as the core of connectivity to the outside world via the internet. At the center of it all was Active Directory.
Active Directory is an identity provider (IdP) which ensures that authorized users have access to the resources they need. In an on-prem network, AD acts as the domain controller, the central hub for identities in an organization. Since everything on-prem was directly connected to the AD domain controller server, authenticating access was fairly easy.
Today, however, the IT landscape has changed significantly. There’s a growing variety of IT resources, including macOS® and Linux® systems, cloud infrastructure from AWS® and others, and web applications. Oftentimes, access to these modern IT resources occurs through WiFi. Traditionally, that user access would be controlled by the on-prem domain controller, but with WiFi infrastructure that isn’t always the case.
Many organizations utilize a bridge solution — most often a RADIUS server — to connect WiFi networks with the directory service to authenticate access. While a RADIUS server does the trick for many, it doesn’t come without its challenges.
Syncing AD with WiFi Networks Through RADIUS
What is RADIUS?
RADIUS is a network authentication protocol. On a WiFi network, it requires each user to present a unique set of credentials instead of a shared WPA key. With a RADIUS server, users are silently authenticated against AD so that resource access is secured.
Leveraging RADIUS infrastructure, however, requires intense technical integration and configuration to run properly. The RADIUS servers themselves need to be set up, and wireless access points need to be directed to route authentications through the RADIUS server. Then, the RADIUS server needs to be integrated with the on-prem Active Directory infrastructure in order to validate end user credentials before WiFi access is granted.
Beyond that, the RADIUS infrastructure needs to be constantly maintained to ensure proper operation, and often requires redundancy to avoid mishaps. This work is tedious and introduces many moving parts, all of which can fail.
To streamline some of the process, Microsoft created their own version of a RADIUS server, called Network Policy Server (NPS). While effective for connecting Windows systems to WiFi through AD, NPS and other similar RADIUS implementations like FreeRADIUS present a couple of major issues to IT organizations.
First and foremost of these issues is that, by implementing these types of RADIUS servers, IT organizations entrench their infrastructure on-prem. In an era where much of an organization’s infrastructure can be leveraged from the cloud as-a-Service, keeping infrastructure on-prem means loads of implementation hassles in terms of setting up and maintaining servers. Beyond that, all of these added-on RADIUS implementations rack up overhead costs, creating a drain on IT budgets.
Leveraging the Cloud for Better Results
Although the cloud has introduced a number of hurdles for Active Directory, it also presents a solution for them. IT organizations can leverage a cloud identity management solution that integrates with AD, shouldering the burden of authenticating non-domain resources while allowing AD to remain and operate effectively from the head of the table. It can also enable all types of systems to access the WiFi infrastructure including Windows, macOS®, Linux®, and mobile devices.
Active Directory Integration uses a pair of lightweight agents to sync AD credentials with the cloud directory service, or Directory-as-a-Service®. The Directory-as-a-Service then extends said credentials to various resources that exist outside of the AD domain, such as macOS systems, Linux servers, applications, infrastructure, WiFi, and more.
Syncing AD with WiFi via Cloud RADIUS
One such resource is a RADIUS server, which can be used to authenticate access to WiFi networks and VPNs. Specifically, Directory-as-a-Service features built-in RADIUS-as-a-Service: cloud-hosted RADIUS servers integrated directly into the Directory-as-a-Service identity provider. RADIUS-as-a-Service allows IT admins to leverage the usefulness of RADIUS authentication without having to put in the legwork of implementing and configuring RADIUS servers (or the cost of commercial on-prem RADIUS solutions). With AD Integration, IT organizations can completely sync AD with WiFi backed by RADIUS in only a few clicks.
Try AD Integration
If you are interested in syncing AD with WiFi networks without the hassle of implementing RADIUS, consider RADIUS-as-a-Service with AD Integration as your solution. Schedule a free personalized demo to see the product in action, or if you have questions, please contact us to learn more.