This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

CloudPath SaaS EAP-TLS computer authentication

vadim_matusovsk
New Contributor

‎05-07-2021 09:27 AM

Hello,

I have implemented an Unleashed solution with ICXs, R320s, and CloudPath SaaS.

We are a cloud native org, and using AAD as IDP for our applications.

We are using AAD with CloudPath utilizing SAML for integration and user authentication for onboarding to WiFi.

The process is simple, the user accesses the Cloudpath onbaording URL, gets redirected to AAD, authenticates, and downloads the app for the Certificate and WiFi configuration.

All our users are using Windows 10 devices.

I have noticed that when Windows boots up, it is not connecting to WiFi, after the user logs in, the WiFi connects.

I have investigated this, and found the the authentication is a user authentication, and this explains the behavior.

I would like to change the EAP-TLS to computer authentication, so that WiFi could connect before the user logs in.

Could you advise please ?

Thanks,

Vadim.

0 Kudos
10 REPLIES 10

christopher_moh
New Contributor III
In response to vadim_matusovsk

‎12-05-2021 11:56 AM

Hello Vadim,

It should not affect any existing certificates by making that change, since this is how the certificate is stored on that local machine, so it will only affect new deployments.

Regards,

Christopher

vadim_matusovsk
New Contributor
In response to vadim_matusovsk

‎12-14-2021 11:40 PM

Thanks! I will try this.

0 Kudos

vadim_matusovsk
New Contributor

‎12-16-2021 08:08 AM

Hi,

Changed to Machine but still the certificate installed under the user store.

If I export the certs from the user store, and import the computer store it does auth pre-login.

Any advise ?

Thanks,

Vadim.

0 Kudos

pierce_larsen
New Contributor III
In response to vadim_matusovsk

‎01-12-2022 07:02 AM

@vadim_matusovsky  if you change all 3 settings to "Machine/Machine/Machine Only", and publish a snapshot. The cert should then be installed in the Machine store, and if we connect to the WLAN using "Machine Only" as the auth type, this will work both pre and post login. We shouldn't need to do any export if we make the necessary config changes, publish a snapshot, then re-enroll the device. See attached screenshots.

Image_ images_messages_61deed6e7a111244cf5e9cad_e37a7373457c6c0020a3dc195b0da91b_ScreenShot011222at08.00AM-c76bf068-68b8-43ab-b264-04a4b4b109e2-1668149394.PNG
Image_ images_messages_61deed6e7a111244cf5e9cad_35794dc19946d678633ebbd4189d633b_ScreenShot011222at08.00AM001-bbae9f78-3801-4361-9d2f-d9c587bf7a3f-396558347.PNG
0 Kudos

vadim_matusovsk
New Contributor

‎01-12-2022 01:55 AM

@christopher_mohammed Hey, any advise on the above ?

Thanks,

V.

0 Kudos
Copyright © 2024 Khoros, LLC