全球场馆的信赖之选
专为 WiFi 设计的身份验证器应用
大多数员工 WiFi 网络都使用共享密码。这些密码写在白板上,在 Slack 频道中共享,且在人员离职时从不更改。
Purple 为您提供真正的企业级安全,且无需繁琐操作。员工使用现有的 Microsoft、Google 或 Okta 凭据登录我们的 Purple 身份验证器应用,即可自动上网。大功告成。
- WPA2/3-Enterprise 加密
- 兼容 Entra ID、Google Workspace、Okta
- 员工离职时自动撤销访问权限
- 任何网络硬件 (Cisco, Aruba, Meraki, Ruckus, Ubiquiti)
真正的安全,而非安全表象🔒
每个用户都有自己的加密密钥。即使在同一个接入点上,用户也无法嗅探彼此的流量。当有人从您的目录中删除时,其 WiFi 访问权限将在几分钟内停止。无需提交工单,无需更改密码。
每次连接都会被记录:谁连接了、何时连接、通过哪台设备、在哪个位置。当审计人员询问时,您将有据可查。
- 每个用户唯一的会话密钥
- 通过 SCIM 自动撤销
- 完整的审计追踪
- ISO 27001 认证
60 秒内完成连接 ⏰
员工下载 Purple 应用,点击“使用 Microsoft 登录”(或 Google、Okta),然后点击安装其 WiFi 通行证。就这么简单。适用于 Windows、macOS、Linux、iOS、Android。
不再需要通过电话指导员工进行 WiFi 设置。不再需要重置密码。使用 Purple 的 IT 团队通常会发现 WiFi 问题的支持工单减少了 80%。
- SSO 登录(无需新凭据)
- 一键配置文件安装
- 自动连接(无需重复登录)
- 适用于您的所有办公地点
服务于 80,000 多个场所。足以应对您的业务需求。
Purple 的身份验证基础设施已运行超过十年。涵盖机场、银行、零售商、大学。去年登录次数达 4.4 亿次。无需维护本地服务器。只需将您的接入点指向我们的 RADIUS 即可完成。
- 80,000 多个上线场所
- 2024 年登录次数达 4.4 亿次
- 99.999% 正常运行时间
查看实际在办公室的人员
查看实际在办公室的人员。WiFi 数据会告诉您哪些日子繁忙、哪些楼层空闲,以及您的混合办公政策是否真正奏效。将数据导出给设施管理团队,或将其接入您现有的仪表板。
- 按天/小时/部门划分的占用率
- 混合办公模式分析
- 建筑利用率报告
- 可导出数据
How Purple Staff WiFi works
One identity. One pass. Every device, every site. Here is the path from sign-in to the moment access stops.
Authenticate
Staff open the Purple app and sign in with the account they already have - Microsoft Entra ID, Okta, or Google Workspace. No new password to set or remember.
Generate a WiFi pass
Purple issues a unique, certificate-based WiFi pass to the device - as simple as adding a card to a mobile wallet.
Get online
The device authenticates over WPA2/3-Enterprise with 802.1X. Each user gets their own encryption keys, so no one on the network can read anyone else’s traffic.
Stay connected
Devices reconnect on their own across every site, on Windows, macOS, Linux, iOS, and Android. No repeated logins, no captive portals to fill in.
Auto-revocation
Disable someone in your directory and Purple drops their WiFi within minutes over SCIM. No estate-wide password to rotate, no ticket to raise.
No on-site RADIUS to run. Purple operates the cloud RADIUS that replaces FreeRADIUS and Windows NPS, with multi-region failover and a 99.999% uptime SLA. Every authentication is logged with user, device, time, and location, so your audit trail writes itself. Read the full architecture in the enterprise WiFi security guide.
总部
您的主办公室需要最严密的安全性。员工通过 SSO 进行身份验证,并根据其角色分配到相应的 VLAN。承包商获得有时限的访问权限,到期后自动失效。
- 基于角色的 VLAN 分配
- 承包商访问管理
- 完整审计追踪
分支机构
无需寄送硬件,即可在每个地点部署一致的安全策略。员工配置文件随处可用。当有人访问不同办公室时,他们会自动连接。
- 集中式策略管理
- 无需现场 RADIUS 服务器
- 随处一致的体验
混合办公人员
当员工在客户现场或使用 Purple 的共享办公空间工作时,他们的设备会自动连接。无需寻找密码,无需填写 Captive Portal 表单。
- OpenRoaming 支持
- 在合作伙伴站点自动连接
- 随处享有相同的安全性
员工互动
Purple App 将您的员工 WiFi 网络从简单的连接工具转变为强大的双向沟通平台。利用已建立的连接点直接与员工互动。
- 通过调查问卷获取反馈,了解实时情绪并收集匿名回复
- 根据角色、位置或时间提供定制内容
- 立即引导员工访问特定的内部资源或培训门户
Add Shield to cut bandwidth and distractions
Staff WiFi keeps your people connected. Shield keeps the connection clean. It filters at the DNS layer, so there’s no extra hardware to buy and no firewall to change, and it rolls out across your whole estate in minutes.
Reclaim your bandwidth
Shield strips ads, trackers, and bloatware before they load, and can throttle high-bandwidth streaming during busy periods. Pages pull up to 44% less data and fire 62% fewer DNS queries, leaving headroom for the traffic that runs your business.
Remove the distractions
Ad and tracker blocking means staff pages load up to 53% faster and arrive clean. Set policies by site, department, or time of day to keep people focused and keep content you don’t want off a work network.
The Staff WiFi Standard for IT Leaders
A practical benchmark for evaluating, deploying, and managing enterprise staff WiFi - written for IT decision makers.
想看看它是如何运作的吗?
我们将向您演示它如何连接到您的身份提供商、员工体验如何以及部署涉及的内容。
Staff WiFi for your industry
See how staff wifi works in venues like yours, and how Purple compares to alternatives.
Explore the authentication stack
Enterprise WiFi security
The pillar guide behind staff WiFi: WPA2/3-Enterprise, 802.1X, EAP-TLS, cloud RADIUS, and identity-provider integration, plus the full cluster of deep-dive guides.
RADIUS-as-a-Service
Cloud RADIUS for WPA2/3-Enterprise: EAP-TLS, PEAP, and iPSK. No on-prem server, multi-region failover.
WPA2 & WPA3-Enterprise
Secure WiFi with 802.1X on your existing access points. Identity-provider integration and managed certificates.
Passwordless WiFi
EAP-TLS, iPSK, Passpoint, and SAML/SSO. Replace shared passwords with identity-based credentials.
Frequently Asked Questions
What is staff WiFi and how is it different from guest WiFi?
Staff WiFi is an employee-only wireless network authenticated per-user, isolated from the guest and payment networks. Where guest WiFi optimises for low-friction sign-up, staff WiFi optimises for identity — each employee authenticates with their own credential (certificate, password, or iPSK) via 802.1X against a RADIUS server, and their access can be revoked the moment they leave the company without touching anyone else on the network.
What authentication does Purple staff WiFi use?
WPA2-Enterprise or WPA3-Enterprise with 802.1X. The standard options are EAP-TLS (certificate-based, the gold standard for managed laptops), PEAP (username + password for legacy devices), and iPSK (unique per-device pre-shared key for BYOD and IoT). Authentication runs against your identity provider — Microsoft Entra ID, Okta, Google Workspace, or any SAML 2.0 IdP.
Do I need my own RADIUS server?
No. Purple operates the RADIUS server as a cloud service - RADIUS-as-a-Service - with multi-region failover and a 99.999% uptime SLA. Your access points point at Purple, Purple validates credentials against your identity provider, and no one in your team operates RADIUS infrastructure. If you already run FreeRADIUS, NPS, or Cisco ISE, migration is a weekend exercise.
How does Purple staff WiFi integrate with Entra ID, Okta, or Google Workspace?
Directly via SAML and SCIM. When an employee is added to the IdP, their WiFi access is provisioned automatically; when they leave, access is revoked at the same moment their email is revoked. Group membership in the IdP drives VLAN policy — marketing, engineering, and contractors can each land on their own network segment without manual configuration.
Does Purple support employee WiFi for BYOD and IoT devices?
Yes. BYOD onboarding uses certificate enrolment via an MDM (Intune, Jamf, Kandji, Hexnode) for managed devices, or a self-service portal for unmanaged phones and tablets. IoT devices — printers, access controllers, smart lighting — typically use iPSK (Identity PSK) on a dedicated SSID so each device has a unique key you can revoke without affecting others.
Can I revoke one employee's WiFi access without disrupting others?
Yes, instantly. Because staff WiFi is per-user, disabling the employee in your identity provider revokes their WiFi access at the next authentication attempt. Compare this to a shared WiFi password, where one departing employee forces a company-wide password rotation. This is the single biggest operational reason to move from WPA-Personal to WPA-Enterprise.
Does Purple staff WiFi work with my existing access points?
Yes. Purple runs on any enterprise-grade access point that speaks RADIUS — Cisco Meraki, Cisco Catalyst, Aruba, Ruckus, Juniper Mist, Ubiquiti UniFi, Cambium, Extreme, Fortinet FortiAP, and more. You do not replace hardware; you reconfigure SSIDs to authenticate via Purple.
How does staff WiFi handle Conditional Access and Zero Trust?
Purple respects Conditional Access policies from Entra ID — a device that fails compliance checks is not admitted to the network. For broader Zero Trust postures, Purple emits every authentication event to SIEM (Microsoft Sentinel, Splunk, Elastic, Datadog) via webhook or syslog, so network access becomes a signal in your broader security analytics.