A captive portal is a web page that restricts your access to a WiFi network until you complete a required action, such as accepting terms of service, logging in, or entering a voucher code. It's commonly used in airports, hotels, coffee shops, and other public venues to control and manage guest WiFi access.

When you connect to a network with a captive portal, your device's operating system automatically sends an HTTP request to a known URL to check for internet connectivity. If the request is blocked or redirected, the OS detects it's behind a captive portal and triggers the login window. The enforcement device then redirects your traffic to the portal's splash page until you authenticate.

A Captive Network Assistant (CNA) is a feature built into operating systems like iOS, Android, and Windows that automatically detects when a device is behind a captive portal. It works by sending HTTP requests to a known URL and checking whether it receives the expected response. If not, the CNA automatically pops up a mini-browser window so you can complete the authentication without manually opening your browser.

Captive portals work on most modern devices with web browsers, including smartphones, tablets, and laptops running iOS, Android, Windows, macOS, and Linux. However, devices without web browsers (like some IoT devices, printers, or smart TVs) may struggle with captive portals. These devices typically need to be placed in a separate VLAN or handled via MAC-based authentication bypass.

A walled garden is a list of network destinations (URLs or IP addresses) that users can access without authentication on a captive portal network. This typically includes the portal server itself, DNS services, and any external services needed for authentication (like social login provider domains). Without a properly configured walled garden, users won't even be able to reach the splash page to log in.

A captive portal is an access control mechanism that restricts network access until a user authenticates, whereas a VPN encrypts and tunnels your internet traffic through a secure server. Captive portals operate at the network level to control who gets access; VPNs operate at the transport level to secure what travels over that access. They serve different purposes and are often used together.

Yes, captive portals can collect user data, depending on how they're configured. Common data points include email addresses, names, phone numbers, and demographic information, especially when social login is used. Under GDPR and similar regulations, this data must be collected with clear consent, stored securely, and used only for its stated purpose. Purple's platform handles compliance requirements including data minimisation and consent capture.

If the captive portal isn't appearing on an iOS device, it's usually because the Captive Network Assistant's connectivity check to captive.apple.com is failing. Common causes include a misconfigured walled garden that doesn't include Apple's CNA domains, an invalid or self-signed SSL certificate on the portal server, a VPN or DNS filter on the device blocking the check, or the network being previously saved with a successful connection state cached.