https://community.extremenetworks.com/t5/hero-product-suggestions/xiq-using-802-1x-tls-in-a-enterprise-ssid-with-a-certificate/m-p/58350#M15 <P>In XIQ we have the possibility to use the cloud authentication service where accounts stored in a DB in the XIQ. Why not using a central cloud stored certificate from a private or public PKI to authenticate users/devices with enterprise SSIDs ?</P><P>Currently you will need a external radius server only for checking the certificates.</P><P>&nbsp;</P><P>br</P><P>Volker</P> Wed, 04 Nov 2020 23:35:00 GMT Volker_Kull 2020-11-04T23:35:00Z https://community.extremenetworks.com/t5/hero-product-suggestions/xiq-using-802-1x-tls-in-a-enterprise-ssid-with-a-certificate/m-p/58350#M15 <P>In XIQ we have the possibility to use the cloud authentication service where accounts stored in a DB in the XIQ. Why not using a central cloud stored certificate from a private or public PKI to authenticate users/devices with enterprise SSIDs ?</P><P>Currently you will need a external radius server only for checking the certificates.</P><P>&nbsp;</P><P>br</P><P>Volker</P> Wed, 04 Nov 2020 23:35:00 GMT https://community.extremenetworks.com/t5/hero-product-suggestions/xiq-using-802-1x-tls-in-a-enterprise-ssid-with-a-certificate/m-p/58350#M15 Volker_Kull 2020-11-04T23:35:00Z https://community.extremenetworks.com/t5/hero-product-suggestions/xiq-using-802-1x-tls-in-a-enterprise-ssid-with-a-certificate/m-p/58351#M16 <P>Hi Volker,</P><P>&nbsp;</P><P>but what prevents you from using cloud-based RADIUS server? Azure, for instance, provides such option via Azure AD directory services and/or NPS VM in their cloud.</P><P>XIQ is not an Identity Provider/catalog itself. Yes, it provides some identity storage capabilities for simple cases, but there is no intention to turn it into full-fledged cloud IdP.</P><P>So I would suggest using integration capabilities of our Cloud solutions to “marry” them with external IdPs, which can be either on-prem or cloud-based.&nbsp;</P> Wed, 02 Dec 2020 17:16:00 GMT https://community.extremenetworks.com/t5/hero-product-suggestions/xiq-using-802-1x-tls-in-a-enterprise-ssid-with-a-certificate/m-p/58351#M16 AlexN 2020-12-02T17:16:00Z https://community.extremenetworks.com/t5/hero-product-suggestions/xiq-using-802-1x-tls-in-a-enterprise-ssid-with-a-certificate/m-p/58352#M17 <P>Hi Alex,</P><P>With XiQ we can use several internal (cloud based) authentication sources (guest users, PPSK accounts and users in a XIQ cloud DB which we can match to a 802.1X-PEAP profile). Making life easier and more secure for the customers we want to use this existing internal 802.1X authentication feature to expand this for 802.1X-TLS authentication and use a certificate stored in XIQ for authenticating devices. The goal is to limit the external interfaces like Radius for a simple TLS authentication.</P><P>With a cloud only strategy at the customer need to use a cloud based RaaS but with unsecure Radius protocol. This is not secure and difficult to manage: which AP/switch will communicate with RaaS, redundancy, content of response,…</P><P>With that this will be a unique selling point.</P><P>br Volker</P> Wed, 02 Dec 2020 18:02:00 GMT https://community.extremenetworks.com/t5/hero-product-suggestions/xiq-using-802-1x-tls-in-a-enterprise-ssid-with-a-certificate/m-p/58352#M17 Volker_Kull 2020-12-02T18:02:00Z https://community.extremenetworks.com/t5/hero-product-suggestions/xiq-using-802-1x-tls-in-a-enterprise-ssid-with-a-certificate/m-p/58353#M18 <P>That one is really good, I’m only thinking where to stick it in - XIQ or Extreme Guest Essentials ? But that’s rhetoric question, let me figure it out inside..</P><P>BTW RaaS based on RadSec isn’t really insecure, as TLS authentication there is mutual.</P> Sat, 05 Dec 2020 00:51:00 GMT https://community.extremenetworks.com/t5/hero-product-suggestions/xiq-using-802-1x-tls-in-a-enterprise-ssid-with-a-certificate/m-p/58353#M18 AlexN 2020-12-05T00:51:00Z