
We're looking to move our current access points from using a static password potentially to RADIUS. However, the closest to a directory service we have is Google Apps for Business, which does support being a SAML Identity Provider, etc.

There are a number of hosted RADIUS solutions that claim to do this - IronWIFI, Cloudessa, JumpCloud. However, looking closer, I don't see how that would work with 2FA being active on the Google Accounts, unless we set up app-specific passwords for the wifi (which gets to a chicken-and-egg problem - how does a user get to Google Apps to set up an app-specific password on a laptop without wifi? Guest wifi? - plus this seems really clunky in general).

This feels like this has to be a solved problem, but I cannot find a good answer.

crovers
  • I have seen in one big corporation which specializes in network security that they do the following: on Windows and macOS laptops they pre-install a user certificate and also the company root CA, and then it's used to perform EAP-TLS. So they don't use login/password. Anyway, IronWifi at the moment doesn't work well in this scenario on Linux because of a bug; however, for me IronWifi looks OK (with login/password), as in case something goes wrong with it, it's easy to revert to PSK for the day and migrate it somewhere else. – Aria Sep 08 '16 at 14:10
  • Certs are definitely an option, that's true. Thanks, good thought. – crovers Sep 09 '16 at 00:04

0 Answers