備受全球場域信賴
WiFi 專用的驗證器應用程式
大多數員工 WiFi 網路都使用共享密碼。這些密碼寫在白板上、在 Slack 頻道中分享,且在人員離職時從未更改。
Purple 為您提供真正的企業級安全性,免去繁瑣流程。員工使用現有的 Microsoft、Google 或 Okta 憑據登入我們的 Purple 驗證器應用程式,即可自動上網。大功告成。
- WPA2/3-Enterprise 加密
- 支援 Entra ID、Google Workspace、Okta
- 員工離職時自動撤銷存取權限
- 任何網路硬體 (Cisco, Aruba, Meraki, Ruckus, Ubiquiti)
真正的安全,而非虛有其表🔒
每個使用者都有專屬的加密金鑰。即使在同一個存取點,使用者也無法竊聽彼此的流量。當有人從您的目錄中移除時,其 WiFi 存取權限會在幾分鐘內停止。無需提交工單,無需更改密碼。
每次連線都會記錄:連線者、時間、裝置及地點。當稽核員詢問時,您將有據可查。
- 每個使用者專屬的對話金鑰
- 透過 SCIM 自動撤銷
- 完整稽核軌跡
- ISO 27001 認證
60 秒內完成連線 ⏰
員工下載 Purple 應用程式,點擊「使用 Microsoft 登入」(或 Google、Okta),然後點擊安裝其 WiFi 通行證。就這麼簡單。支援 Windows、macOS、Linux、iOS、Android。
不再需要透過電話引導人員進行 WiFi 設定。不再需要重設密碼。使用 Purple 的 IT 團隊通常會發現 WiFi 相關的支援工單減少了 80%。
- SSO 登入(無需新憑據)
- 一鍵安裝設定檔
- 自動連線(無需重複登入)
- 適用於您的所有據點
支援超過 80,000 個場域。您的場域也不成問題。
Purple 的認證基礎架構已運行超過十年。涵蓋機場、銀行、零售商、大學。去年登入次數達 4.4 億次。無需維護地端伺服器。只需將您的存取點指向我們的 RADIUS 即可完成。
- 超過 80,000 個場域上線
- 2024 年登入次數達 4.4 億次
- 99.999% 正常運行時間
查看誰實際在辦公室
查看誰實際在辦公室。WiFi 數據會告訴您哪些日子繁忙、哪些樓層空置,以及您的混合辦公政策是否真正奏效。將數據匯出給設施團隊,或將其整合到現有的儀表板中。
- 按天/小時/部門劃分的佔用率
- 混合辦公模式分析
- 建築物利用率報告
- 可匯出數據
How Purple Staff WiFi works
One identity. One pass. Every device, every site. Here is the path from sign-in to the moment access stops.
Authenticate
Staff open the Purple app and sign in with the account they already have - Microsoft Entra ID, Okta, or Google Workspace. No new password to set or remember.
Generate a WiFi pass
Purple issues a unique, certificate-based WiFi pass to the device - as simple as adding a card to a mobile wallet.
Get online
The device authenticates over WPA2/3-Enterprise with 802.1X. Each user gets their own encryption keys, so no one on the network can read anyone else’s traffic.
Stay connected
Devices reconnect on their own across every site, on Windows, macOS, Linux, iOS, and Android. No repeated logins, no captive portals to fill in.
Auto-revocation
Disable someone in your directory and Purple drops their WiFi within minutes over SCIM. No estate-wide password to rotate, no ticket to raise.
No on-site RADIUS to run. Purple operates the cloud RADIUS that replaces FreeRADIUS and Windows NPS, with multi-region failover and a 99.999% uptime SLA. Every authentication is logged with user, device, time, and location, so your audit trail writes itself. Read the full architecture in the enterprise WiFi security guide.
總部
您的主辦公室需要最嚴密的安全性。員工透過 SSO 進行身份驗證,並根據其角色分配到正確的 VLAN。承包商獲得限時存取權限,並會自動過期。
- 基於角色的 VLAN 分配
- 承包商存取管理
- 完整稽核軌跡
分支辦公室
無需運送硬體即可在每個據點部署一致的安全防護。員工設定檔隨處可用。當有人造訪不同的辦公室時,他們會自動連線。
- 集中式政策管理
- 無需現場 RADIUS 伺服器
- 各處一致的體驗
混合辦公員工
當員工在客戶現場或使用 Purple 的共享辦公空間工作時,他們的裝置會自動連線。無需尋找密碼,也無需填寫 Captive Portal 表單。
- OpenRoaming 支援
- 在合作夥伴站點自動連線
- 各處享有相同的安全性
員工參與
Purple App 將您的員工 WiFi 網路從單純的連線轉變為強大的雙向溝通平台。利用已建立的連線點直接與員工互動。
- 使用問卷調查獲取意見回饋,以了解即時情緒並收集匿名回覆
- 根據角色、地點或時間提供自訂內容
- 立即將員工引導至特定的內部資源或培訓門戶
Add Shield to cut bandwidth and distractions
Staff WiFi keeps your people connected. Shield keeps the connection clean. It filters at the DNS layer, so there’s no extra hardware to buy and no firewall to change, and it rolls out across your whole estate in minutes.
Reclaim your bandwidth
Shield strips ads, trackers, and bloatware before they load, and can throttle high-bandwidth streaming during busy periods. Pages pull up to 44% less data and fire 62% fewer DNS queries, leaving headroom for the traffic that runs your business.
Remove the distractions
Ad and tracker blocking means staff pages load up to 53% faster and arrive clean. Set policies by site, department, or time of day to keep people focused and keep content you don’t want off a work network.
The Staff WiFi Standard for IT Leaders
A practical benchmark for evaluating, deploying, and managing enterprise staff WiFi - written for IT decision makers.
想看看它是如何運作的嗎?
我們將向您展示它如何連接到您的身份提供者、員工體驗如何,以及部署涉及的內容。
Staff WiFi for your industry
See how staff wifi works in venues like yours, and how Purple compares to alternatives.
Explore the authentication stack
Enterprise WiFi security
The pillar guide behind staff WiFi: WPA2/3-Enterprise, 802.1X, EAP-TLS, cloud RADIUS, and identity-provider integration, plus the full cluster of deep-dive guides.
RADIUS-as-a-Service
Cloud RADIUS for WPA2/3-Enterprise: EAP-TLS, PEAP, and iPSK. No on-prem server, multi-region failover.
WPA2 & WPA3-Enterprise
Secure WiFi with 802.1X on your existing access points. Identity-provider integration and managed certificates.
Passwordless WiFi
EAP-TLS, iPSK, Passpoint, and SAML/SSO. Replace shared passwords with identity-based credentials.
Frequently Asked Questions
What is staff WiFi and how is it different from guest WiFi?
Staff WiFi is an employee-only wireless network authenticated per-user, isolated from the guest and payment networks. Where guest WiFi optimises for low-friction sign-up, staff WiFi optimises for identity — each employee authenticates with their own credential (certificate, password, or iPSK) via 802.1X against a RADIUS server, and their access can be revoked the moment they leave the company without touching anyone else on the network.
What authentication does Purple staff WiFi use?
WPA2-Enterprise or WPA3-Enterprise with 802.1X. The standard options are EAP-TLS (certificate-based, the gold standard for managed laptops), PEAP (username + password for legacy devices), and iPSK (unique per-device pre-shared key for BYOD and IoT). Authentication runs against your identity provider — Microsoft Entra ID, Okta, Google Workspace, or any SAML 2.0 IdP.
Do I need my own RADIUS server?
No. Purple operates the RADIUS server as a cloud service - RADIUS-as-a-Service - with multi-region failover and a 99.999% uptime SLA. Your access points point at Purple, Purple validates credentials against your identity provider, and no one in your team operates RADIUS infrastructure. If you already run FreeRADIUS, NPS, or Cisco ISE, migration is a weekend exercise.
How does Purple staff WiFi integrate with Entra ID, Okta, or Google Workspace?
Directly via SAML and SCIM. When an employee is added to the IdP, their WiFi access is provisioned automatically; when they leave, access is revoked at the same moment their email is revoked. Group membership in the IdP drives VLAN policy — marketing, engineering, and contractors can each land on their own network segment without manual configuration.
Does Purple support employee WiFi for BYOD and IoT devices?
Yes. BYOD onboarding uses certificate enrolment via an MDM (Intune, Jamf, Kandji, Hexnode) for managed devices, or a self-service portal for unmanaged phones and tablets. IoT devices — printers, access controllers, smart lighting — typically use iPSK (Identity PSK) on a dedicated SSID so each device has a unique key you can revoke without affecting others.
Can I revoke one employee's WiFi access without disrupting others?
Yes, instantly. Because staff WiFi is per-user, disabling the employee in your identity provider revokes their WiFi access at the next authentication attempt. Compare this to a shared WiFi password, where one departing employee forces a company-wide password rotation. This is the single biggest operational reason to move from WPA-Personal to WPA-Enterprise.
Does Purple staff WiFi work with my existing access points?
Yes. Purple runs on any enterprise-grade access point that speaks RADIUS — Cisco Meraki, Cisco Catalyst, Aruba, Ruckus, Juniper Mist, Ubiquiti UniFi, Cambium, Extreme, Fortinet FortiAP, and more. You do not replace hardware; you reconfigure SSIDs to authenticate via Purple.
How does staff WiFi handle Conditional Access and Zero Trust?
Purple respects Conditional Access policies from Entra ID — a device that fails compliance checks is not admitted to the network. For broader Zero Trust postures, Purple emits every authentication event to SIEM (Microsoft Sentinel, Splunk, Elastic, Datadog) via webhook or syslog, so network access becomes a signal in your broader security analytics.