Onboarding the devices using the Google Credentials

Nowadays a lot of Companies have their Domains hosted in Google. Since Google does provides only API’s we would not be able to use these credentials on L2 Authentications like Dot1x

 

Here is a Workflow that shows how we can onboard a Client using Google Credentials and allow users  to connect to Secure SSID post onboarding with Certificates issued on Google Credentials

 

Step 1 : Create a APP in Google Developers.  

Step 2 : Create Network Settings for the Secure SSID . In our Setup the SSID name is “Airowire”

Step 3: Create Configuration Profile and map the Network Settings                               

Step 4: Create a Provisioning profile

  • Map the Network Settings
  • Map the Onboard CA
  • Enable Social login and add auto redirect to google auth
  • Map the Credentials and Secret Created in the Google API console

Step 5 : Map the redirect url of the CPPM to the Authorized Redirect URL

Note : the CPPM should have a proper FQDN and DNS entry

Step 6 : Create a BYOD Provisioning role in the Controller/IAP . The role should have access to Google Suite

 

 

wlan access-rule BYOD-Provision

 index 4

 captive-portal external profile BYOD-Provision

 rule any any match udp 53 53 permit

 rule any any match udp 67 68 permit

 rule 192.168.0.0 255.255.255.0 match any any any permit

  rule alias play.google.com match any any any permit

 rule alias *.google.com match any any any permit

 rule alias 1e100.net match any any any permit

 rule alias mtalk.google.com match any any any permit

 rule alias android.clients.google.com match any any any permit

 rule alias googleapis.com match any any any permit

 rule alias play.googleapis.com match any any any permit

 rule alias *ggpht.com match any any any permit

 rule alias *gvt1.com match any any any permit

 

Step 7 : Create a Captive Portal profile and Map the Profile to the Role

wlan external-captive-portal BYOD-Provision

 server cppm.airowire.com

 port 80

 url “/guest/device_provisioning.php”

 auth-text “”

 auto-whitelist-disable

Step 8 : Map this as the pre-auth role  in the SSID

 

wlan ssid-profile Airowire_Provisioning

 enable

 index 3

 type guest

 essid Airowire_Provisioning

 opmode opensystem

 max-authentication-failures 0

 vlan guest

 auth-server Cloud_CPPM

 set-role-pre-auth BYOD-Provision

 rf-band all

 captive-portal external profile BYOD-Provision

 dtim-period 1

 broadcast-filter arp

 dmo-channel-utilization-threshold 90

 local-probe-req-thresh 0

 max-clients-threshold 64

 

 

Leave a Comment

Your email address will not be published. Required fields are marked *

Related Posts

Wireless Survey

Table of contents: The document covers what is a wireless survey, why wireless survey, the

Get smarter about how networks can offer amazing experiences for your customers and your business.

Contact Us

Airowire Networks PVT LTD
530 Lawrence Expressway
Sunnyvale, California 94085

Services
Social Media Links

Airowire Networks PVT LTD
L-29, 3rd Floor, 2nd A Main,
HSR Layout Sector 6,
Bengaluru – 560102
080 6837 1900

Get smarter about how networks can offer amazing experiences for your customers and your business.

Contact Us

Global Offices

Branch Offices

Global Offices

US

530 Lawrence Expressway
Sunnyvale, California
94085

Singapore

Airowire Networks PTE LTD
160 Robinson Road #14-04
Spore Business Federation CTR Singapore 68914

Branch Offices

Hyderabad

Ikeva Workspace
8-2-624/A/1, Level 1, [email protected],
MB Towers, Road No. 10,
Banjara Hills – 500034

Mumbai

A12 Marol Mayur CHSL,
Military Road Marol,
Andheri East – 400059

Airowire Networks 2023. © All Rights Reserved Made with 💛 by The Web People

Contact Us
Contact Us
Scroll to Top