Onboarding the devices using the Google Credentials

Nowadays a lot of Companies have their Domains hosted in Google. Since Google does provides only API’s we would not be able to use these credentials on L2 Authentications like Dot1x

 

Here is a Workflow that shows how we can onboard a Client using Google Credentials and allow users  to connect to Secure SSID post onboarding with Certificates issued on Google Credentials

 

Step 1 : Create a APP in Google Developers.  

Step 2 : Create Network Settings for the Secure SSID . In our Setup the SSID name is “Airowire”

Step 3: Create Configuration Profile and map the Network Settings                               

Step 4: Create a Provisioning profile

  • Map the Network Settings
  • Map the Onboard CA
  • Enable Social login and add auto redirect to google auth
  • Map the Credentials and Secret Created in the Google API console

Step 5 : Map the redirect url of the CPPM to the Authorized Redirect URL

Note : the CPPM should have a proper FQDN and DNS entry

Step 6 : Create a BYOD Provisioning role in the Controller/IAP . The role should have access to Google Suite

 

 

wlan access-rule BYOD-Provision

 index 4

 captive-portal external profile BYOD-Provision

 rule any any match udp 53 53 permit

 rule any any match udp 67 68 permit

 rule 192.168.0.0 255.255.255.0 match any any any permit

  rule alias play.google.com match any any any permit

 rule alias *.google.com match any any any permit

 rule alias 1e100.net match any any any permit

 rule alias mtalk.google.com match any any any permit

 rule alias android.clients.google.com match any any any permit

 rule alias googleapis.com match any any any permit

 rule alias play.googleapis.com match any any any permit

 rule alias *ggpht.com match any any any permit

 rule alias *gvt1.com match any any any permit

 

Step 7 : Create a Captive Portal profile and Map the Profile to the Role

wlan external-captive-portal BYOD-Provision

 server cppm.airowire.com

 port 80

 url “/guest/device_provisioning.php”

 auth-text “”

 auto-whitelist-disable

Step 8 : Map this as the pre-auth role  in the SSID

 

wlan ssid-profile Airowire_Provisioning

 enable

 index 3

 type guest

 essid Airowire_Provisioning

 opmode opensystem

 max-authentication-failures 0

 vlan guest

 auth-server Cloud_CPPM

 set-role-pre-auth BYOD-Provision

 rf-band all

 captive-portal external profile BYOD-Provision

 dtim-period 1

 broadcast-filter arp

 dmo-channel-utilization-threshold 90

 local-probe-req-thresh 0

 max-clients-threshold 64

 

 

Leave a Comment

Your email address will not be published. Required fields are marked *

Related Posts

Wireless Survey

Table of contents: The document covers what is a wireless survey, why wireless survey, the

Get smarter about how networks can offer amazing experiences for your customers and your business.

Contact Us

Airowire Networks PVT LTD
530 Lawrence Expressway
Sunnyvale, California 94085

Services
Social Media Links

Airowire Networks LLC
530 Lawrence Expressway
Sunnyvale, California 94085

Get smarter about how networks can offer amazing experiences for your customers and your business.

Contact Us

Global Offices

Singapore

7 Temasek Boulevard,  
#12-07, Suntec Tower
One  – 038987

Bengaluru

L-29, 3rd Floor, 2nd A Main,
HSR Layout Sector 6,
Bengaluru – 560102

Hyderabad

Ikeva Workspace
8-2-624/A/1, Level 1, am@10,
MB Towers, Road No. 10,
Banjara Hills – 500034

Mumbai

A12 Marol Mayur CHSL,
Military Road Marol,
Andheri East – 400059

Airowire Networks 2021. © All Rights Reserved Made with 💛 by The Web People