By Vince Lujan Posted August 31, 2018
Managing user access to WiFi Networks via RADIUS can dramatically increase network security in modern IT organizations. The challenge is that RADIUS implementations have historically been costly and difficult to implement and maintain on-prem. Fortunately, a next generation cloud directory services platform has emerged to change that by shifting RADIUS authentication to the cloud.
Why Authenticate WiFi Networks via RADIUS?
WiFi is an easy target for attackers. One of the best ways to protect your network is to ensure that only the right users have access. How do you do that? Authenticate each user on an individual basis. This is achievable with RADIUS authentication.
RADIUS is typically implemented in conjunction with a core identity provider (IdP), often called a directory services platform, such as Microsoft® Active Directory® (AD) or OpenLDAP™. At a high level, RADIUS works by routing user requests for network access from a client (e.g. a user system, WAP, or switch) to a dedicated RADIUS server for authentication. A user initiates the authentication process when they attempt to access the RADIUS-enabled network, and subsequently enter the credentials that are associated with their core user identity. The RADIUS server then authenticates the user credentials against the core IdP, which acts as the source of truth for verifying user identities.
Essentially, if the credentials submitted by the user match those associated with their core user identity, which is stored in the core directory services database, the user is authenticated and the RADIUS server will authorize access to the RADIUS-protected network. If the credentials do not match, the RADIUS server will prevent the user from accessing the RADIUS-protected network.
Historically, the challenge for IT organizations has been that RADIUS infrastructure typically had to be built on-prem and maintained by skilled personnel. IT organizations needed to procure dedicated servers, switches, cables, and more. IT also had to configure all of the systems and network infrastructure in their environment to point to the RADIUS server, and maintain the entire identity management infrastructure somewhere on-prem.
This can be a huge obstacle for newer, cloud-forward organizations. Even if you have the existing on-prem identity management infrastructure, managing WiFi access is just another thing admins have to worry about. In an age when cyber attacks are not only on the rise, but becoming increasingly sophisticated, it might be time to leave network security to the experts.
Cloud RADIUS Alternatives
The good news is that there are a wide variety of cloud RADIUS solutions for IT admins to choose from. In essence, these hosted solutions can provide the benefits of authenticating WiFi networks via RADIUS, but delivered as a service. Gone are the days of setting up, maintaining, and securing on-prem RADIUS servers.
However, before choosing a cloud RADIUS solution, it is important to consider the overall identity management needs of the organization first. WiFi is only one of many resources that must be protected, after all. There’s also systems, applications, files, and more. You also must take into account the various platforms, providers, protocols, and locations of your IT resources.
Of course, there are many other factors. But, if your overall goal is to manage access to virtually any IT resource from one central management platform in the cloud, then there is really only one solution for you. It’s called JumpCloud® Directory-as-a-Service®.
Cloud RADIUS with JumpCloud Directory-as-a-Service
JumpCloud Directory-as-a-Service is a next generation directory service platform that was borne from the cloud and built to manage modern IT networks. Cloud RADIUS is a core function of this next generation Identity-as-a-Service (IDaaS) platform. JumpCloud RADIUS enables IT admins to control access to their network on an individual basis. The benefit of this approach is that only the right people have access to the network, and subsequently, an organization’s IT resources.
Beyond Cloud RADIUS
Now, imagine if users could leverage the same credentials that they use for authenticating to WiFi networks via RADIUS, but for access to systems (e.g., Linux®, macOS®, Windows®), cloud and on-prem applications (e.g., Salesforce®, Zendesk®, OpenVPN™, Jira®), cloud and on-prem storage (e.g., Samba, NAS, Box™, Google Drive™), cloud productivity platforms (e.g., Office 365™, G Suite™), Infrastructure-as-a-Service (e.g., AWS®, GCP™), and more. Said another way, imagine if you could leverage one set of credentials to gain access to virtually any IT resource. We think of this concept as a True Single Sign-On™ experience. This is achievable with JumpCloud Directory-as-a-Service.
The best part is that JumpCloud Directory-as-a-Service is a complete, cloud-based replacement to on-prem identity management solutions like AD and OpenLDAP. This cloud approach to directory services not only eliminates the need to implement and maintain a complicated identity management infrastructure on-prem, but it can also deliver the comprehensive functionality that modern IT organizations need at a fraction of the cost of comparable on-prem solutions.
Learn How to Manage WiFi via RADIUS with JumpCloud
Contact JumpCloud to find out how to manage WiFi networks via RADIUS today. You can also schedule a demo, or sign up for a JumpCloud Directory-as-a-Service account to explore the full functionality of our platform at no cost. Your first ten users are free forever! Alternatively, you can also check out our YouTube page to learn more about our platform.