Technical Guides
Deep, expert-led guides covering guest WiFi, analytics, captive portals, and modern venue technology. Each guide includes diagrams, worked examples, and audio podcasts.
93 guides
Network Onboarding UX: Designing a Frictionless WiFi Setup Experience
This guide provides a comprehensive technical framework for designing a frictionless WiFi network onboarding UX, covering captive portal detection mechanics across iOS, Android, Windows, and macOS, and detailing self-service certificate enrolment for 802.1X staff networks. It equips IT managers, network architects, and venue operations directors with actionable strategies to reduce helpdesk overhead, improve first-connection success rates, and maintain GDPR and PCI DSS compliance across hospitality, retail, and campus environments.
Azure AD and Entra ID WiFi Authentication: Integration and Configuration Guide
This technical reference guide provides IT managers, network architects, and venue operations directors with a practical roadmap for integrating Microsoft Entra ID (Azure AD) with enterprise WiFi networks using RADIUS and 802.1X. It covers the architectural decision between on-premise Windows NPS and cloud-native RADIUS, the deployment of certificate-based EAP-TLS authentication via Microsoft Intune, and the operational best practices for securing wireless access across hospitality, retail, and public-sector environments. For organisations already invested in the Microsoft 365 and Entra ID ecosystem, this guide bridges the gap between cloud identity management and physical network security.
Passwordless WiFi Authentication: Moving Beyond Pre-Shared Keys
This guide provides IT managers, network architects, and venue operations directors with a practical roadmap for eliminating shared WiFi passwords and migrating to identity-based, certificate-driven authentication. It covers the security and compliance failures of PSK-based networks, the technical architecture of 802.1X and EAP-TLS, and the role of Identity PSK (iPSK) as a critical transition technology for IoT and legacy devices. Venue operators in hospitality, retail, and the public sector will find actionable migration strategies, real-world implementation scenarios, and measurable business outcomes to justify the investment.
IoT Device Segmentation on WiFi: Isolating Non-Standard Devices
This guide provides practical, enterprise-grade strategies for securely segmenting non-standard IoT devices on venue WiFi networks. Learn how to implement VLAN isolation, MAC-based authentication, and strict firewall policies to protect your core infrastructure from vulnerable smart devices.
Cloud RADIUS vs On-Premise RADIUS: Decision Guide for IT Teams
This guide provides IT directors, network architects, and venue operations teams with a definitive framework for choosing between cloud-hosted RADIUS services and traditional on-premise RADIUS servers. It covers the technical architecture, latency and reliability trade-offs, total cost of ownership, and compliance considerations for multi-site hospitality, retail, and public-sector deployments. By the end, readers will have a clear decision model aligned to their specific infrastructure constraints and organisational risk appetite.
BYOD WiFi Onboarding: Managing Unmanaged Devices in Hotels and Retail
This technical reference guide provides actionable strategies for onboarding employee-owned (BYOD) devices onto enterprise WiFi networks in hospitality and retail environments without requiring full MDM enrolment. It covers self-service certificate enrolment flows, 802.1X authentication, and policy enforcement to ensure secure access for unmanaged devices.
EAP-TLS Authentication Explained: Certificate-Based WiFi Security
EAP-TLS is the gold standard for enterprise WiFi security, replacing vulnerable password-based authentication with robust, mutually authenticated digital certificates. This guide provides IT managers and network architects with a comprehensive technical deep-dive into the EAP-TLS handshake, architectural requirements, and practical deployment strategies for mixed-device environments.
Okta and RADIUS: Extending Your Identity Provider to WiFi Authentication
This guide provides a comprehensive technical reference for IT administrators at Okta-centric organisations who want to extend their cloud identity provider to WiFi authentication using the Okta RADIUS agent. It covers the full authentication architecture, MFA enforcement trade-offs, dynamic VLAN assignment via RADIUS attribute mapping, and the critical decision between password-based EAP-TTLS and certificate-based EAP-TLS. Venue operators and enterprise IT teams will find actionable deployment guidance, real-world case studies from hospitality and retail, and a clear framework for integrating Okta RADIUS alongside dedicated guest WiFi solutions.
PEAP-MSCHAPv2: Why It Is Still Common, Why It Is Risky, and How to Move On
A comprehensive technical reference guide detailing the critical security vulnerabilities of PEAP-MSCHAPv2, including evil twin attacks and credential capture. It provides a practical, vendor-neutral roadmap for IT teams to migrate enterprise WiFi networks to secure, certificate-based EAP-TLS authentication.
Zero Trust WiFi Architecture: Applying Zero Trust to Venue Networks
A comprehensive technical reference guide detailing how venue operators can apply Zero Trust principles to enterprise WiFi networks. It covers continuous verification, micro-segmentation, and device posture enforcement to secure hospitality, retail, and public-sector environments against lateral movement and compliance risks.
EAP Methods Compared: PEAP, EAP-TLS, EAP-TTLS, and EAP-FAST
This authoritative technical reference guide provides a side-by-side comparison of PEAP, EAP-TLS, EAP-TTLS, and EAP-FAST for enterprise WiFi authentication. It delivers actionable guidance on security posture, deployment complexity, and device compatibility to help IT managers and network architects choose the optimal 802.1X deployment strategy.
Microsoft Intune WiFi Certificate Deployment via SCEP and PKCS
This guide provides a step-by-step technical reference for deploying WiFi authentication certificates via Microsoft Intune using SCEP and PKCS. It is designed for IT managers and network architects implementing passwordless 802.1X WiFi to ensure seamless, secure connectivity across enterprise environments.
Jamf and RADIUS: Certificate-Based WiFi Authentication for Apple Device Fleets
This technical reference guide provides IT managers, network architects, and CTOs with actionable steps to deploy certificate-based 802.1X WiFi authentication for Apple device fleets using Jamf Pro and RADIUS. It covers the full SCEP certificate provisioning workflow, WiFi configuration profile structure, RADIUS integration requirements, and real-world implementation scenarios from healthcare and enterprise environments. The guide is essential for any organisation seeking to eliminate password-based WiFi vulnerabilities, reduce helpdesk overhead, and achieve compliance with PCI DSS and GDPR network access standards.
PKI Fundamentals for WiFi Administrators: Certificates, CAs, and Trust Chains
This technical reference guide explains the foundational concepts of Public Key Infrastructure (PKI) for enterprise WiFi administrators, covering certificate authorities, trust chains, and X.509 certificates. It details how PKI underpins EAP-TLS mutual authentication and provides actionable deployment guidance for IT teams in hospitality, retail, and public-sector environments. Understanding PKI is a mandatory prerequisite for deploying certificate-based staff WiFi authentication with Purple.
The Ultimate Guide to OpenRoaming Architecture and Authentication
This guide provides an authoritative technical reference on WBA OpenRoaming architecture, covering the Passpoint foundation, RADIUS federation, RadSec mTLS security, and step-by-step deployment guidance for enterprise venues. It equips IT managers, network architects, and venue operators with the knowledge to replace captive portals with seamless, secure, and compliant Wi-Fi connectivity that delivers measurable ROI.
Google Workspace WiFi Authentication: Chromebook and LDAP Integration
A definitive technical reference for IT administrators deploying secure WiFi in Google Workspace environments. This guide covers 802.1X certificate deployment to managed Chromebooks via Google Admin Console, Google Secure LDAP integration as a RADIUS backend, and architecture decisions for education, media, and enterprise venues. It provides actionable implementation steps, real-world case studies, and a direct comparison of EAP methods to help teams move from vulnerable shared PSKs to robust, identity-based network access control.
RADIUS Accounting: Tracking Sessions, Usage, and Audit Logs
This guide provides a comprehensive technical reference on RADIUS accounting — how it records WiFi session start, stop, and interim-update data, what attributes are captured, and how to leverage that data for security auditing, GDPR compliance, and capacity planning. It is essential reading for network operations and security teams who need defensible audit trails from WiFi authentication events, and for venue operators seeking to integrate session data into SIEM platforms and analytics dashboards.
How Passpoint (Hotspot 2.0) Transforms the Guest Wi-Fi Experience
A comprehensive technical reference guide detailing how Passpoint (Hotspot 2.0) and 802.11u protocols replace traditional captive portals with seamless, secure, cellular-like Wi-Fi roaming. It provides IT leaders with architectural overviews, implementation frameworks, and the business case for adopting credential-based authentication to solve MAC randomisation challenges and improve guest experience.
The Future of Seamless Connectivity: Passpoint and OpenRoaming Explained
This technical reference guide provides actionable insights for IT leaders on transitioning from traditional captive portals to Passpoint and OpenRoaming. It details the underlying IEEE 802.11u and WPA3 standards, secure authentication flows, and real-world deployment strategies to improve seamless connectivity, enhance security, and drive measurable ROI in enterprise venues.
WPA3 Enterprise vs iPSK: Choosing the Right Security Model
This guide provides a definitive technical comparison between WPA3 Enterprise and Identity Pre-Shared Key (iPSK) for enterprise WiFi networks. It empowers IT leaders to choose the optimal security model for their venues, balancing robust 802.1X authentication with the flexibility required for IoT and legacy devices.
Dynamic VLAN Assignment with RADIUS: Segmenting Users by Role
This guide provides a comprehensive technical overview of implementing dynamic VLAN assignment using RADIUS attributes. It details how enterprise venues can automate network segmentation for staff, guests, and IoT devices to enhance security and reduce manual configuration overhead.
Implementing iPSK (Identity Pre-Shared Key) for Secure IoT Networks
This authoritative guide details how to implement Identity Pre-Shared Key (iPSK) architecture to secure enterprise IoT environments. It provides actionable deployment steps, VLAN segmentation strategies, and compliance frameworks for hospitality, retail, and public-sector network operators.
OCSP and Certificate Revocation for WiFi Authentication
This comprehensive guide explores the critical mechanisms of certificate revocation in enterprise WiFi environments, focusing on the transition from CRLs to OCSP. It provides actionable implementation strategies for IT teams managing large-scale, high-density networks where real-time security and low latency are paramount.
Device Posture Assessment for Network Access Control
This technical guide explains how device posture assessment works for Network Access Control (NAC), detailing the architecture, MDM integration, and remediation flows required to implement Zero Trust WiFi in enterprise and venue environments.
