Best practice for staff BYOD devices

robert_davies
New Contributor

We currently have a setup where guests access the WLAN using 802.11x Radius authentication. We are having multiple issues with users' AD accounts getting locked out when their passwords need updating and a BYOD device that they have forgotten about attempts to connect with their old credentials. I'm looking for a way of preventing this from happening. Maybe a captive portal that staff members connect to initially, which then sends a password to their work email address to connect them to the network. Any ideas if this is possible? Or a better idea?

9 REPLIES 9

robert_davies
New Contributor

Hi Dennis

 

We are using cloud-based Aerohive NG. I've just created an account and am looking through the documentation. What you are doing at your organisation sounds very interesting. Hopefully I can make sense of the information on the website.

 

Regards

dennis_tobias
New Contributor

What version of HiveManager are you using? Depending on the version you are using, you could potentially make use of the Aerohive API. My organization has employee on-boarding/off-boarding automated, and part of the process is to provision/de-provision accounts for BYOD. We also have an internal support portal where employees can go and do BYOD self-service. The API is super simple to use - just go to developer.aerohive.com and sign up for an account so you can get access to the documentation. NOTE: The API does NOT work for HiveManager NG on-prem, so you must either be using Classic with the online ID Manager or using HiveManager Select.

samantha_lynn
Esteemed Contributor III

You could set up a self registration SSID, and instruct them to use their work email addresses, and then they'd get the password sent to their inbox. However, we can't limit the self registration CWP to a particular domain, so it would be possible for non-employees to also register via the self registration CWP.

robert_davies
New Contributor
Hi Sam

Thanks for the response. What we were hopefully looking to do was allow staff to connect to a captive portal and add their work email address. They can then get the PPSK from their work email address and use that to connect to the office Wi-Fi. Does this sound plausible?

Regards

Robert Davies | Infrastructure Engineer
for and on behalf of Charles Russell Speechlys LLP

T: +44 (0)20 7438 2266
F: +44 (0)20 7203 0200
charlesrussellspeechlys.com

samantha_lynn
Esteemed Contributor III

We generally don't recommend Radius for BYOD; I might recommend a PPSK option instead. You can lock the PPSK credentials to certain MAC addresses, or to a certain number of devices allowed to use the same PPSK credentials, if you'd like.
