बिना पासवर्ड के सुरक्षित स्टाफ WiFi

Staff WiFi is an employee-only wireless network authenticated per-user, isolated from the guest and payment networks. Where guest WiFi optimises for low-friction sign-up, staff WiFi optimises for identity — each employee authenticates with their own credential (certificate, password, or iPSK) via 802.1X against a RADIUS server, and their access can be revoked the moment they leave the company without touching anyone else on the network.

WPA2-Enterprise or WPA3-Enterprise with 802.1X. The standard options are EAP-TLS (certificate-based, the gold standard for managed laptops), PEAP (username + password for legacy devices), and iPSK (unique per-device pre-shared key for BYOD and IoT). Authentication runs against your identity provider — Microsoft Entra ID, Okta, Google Workspace, or any SAML 2.0 IdP.

No. Purple operates the RADIUS server as a cloud service - RADIUS-as-a-Service - with multi-region failover and a 99.999% uptime SLA. Your access points point at Purple, Purple validates credentials against your identity provider, and no one in your team operates RADIUS infrastructure. If you already run FreeRADIUS, NPS, or Cisco ISE, migration is a weekend exercise.

Directly via SAML and SCIM. When an employee is added to the IdP, their WiFi access is provisioned automatically; when they leave, access is revoked at the same moment their email is revoked. Group membership in the IdP drives VLAN policy — marketing, engineering, and contractors can each land on their own network segment without manual configuration.

Yes. BYOD onboarding uses certificate enrolment via an MDM (Intune, Jamf, Kandji, Hexnode) for managed devices, or a self-service portal for unmanaged phones and tablets. IoT devices — printers, access controllers, smart lighting — typically use iPSK (Identity PSK) on a dedicated SSID so each device has a unique key you can revoke without affecting others.

Yes, instantly. Because staff WiFi is per-user, disabling the employee in your identity provider revokes their WiFi access at the next authentication attempt. Compare this to a shared WiFi password, where one departing employee forces a company-wide password rotation. This is the single biggest operational reason to move from WPA-Personal to WPA-Enterprise.

Yes. Purple runs on any enterprise-grade access point that speaks RADIUS — Cisco Meraki, Cisco Catalyst, Aruba, Ruckus, Juniper Mist, Ubiquiti UniFi, Cambium, Extreme, Fortinet FortiAP, and more. You do not replace hardware; you reconfigure SSIDs to authenticate via Purple.

Purple respects Conditional Access policies from Entra ID — a device that fails compliance checks is not admitted to the network. For broader Zero Trust postures, Purple emits every authentication event to SIEM (Microsoft Sentinel, Splunk, Elastic, Datadog) via webhook or syslog, so network access becomes a signal in your broader security analytics.