The Challenge
An Australian independent school needed to assign students to different network segments based on their grade level. Each grade required its own VLAN and subnet so the firewall could apply age-appropriate content-filtering rules. Manually configuring VLAN assignments was not sustainable as students moved between grades each year.
The school also operated two MDM platforms: one for Windows devices and one for Macs. Any certificate solution would have to integrate with both platforms and deliver the right certificate attributes to trigger the correct VLAN assignment.
The IT team managed devices across an entire campus of students and staff, all connecting through the same wireless infrastructure. Separate VLANs per grade were already in place, but the authentication mechanism tying a device to the right VLAN had to be automated and made identity-aware.
The Solution
SecureW2 implemented a cloud PKI solution that issues certificates with group membership attributes embedded directly in the certificate payload. This architecture enabled Cloud RADIUS to read those attributes at the authentication stage and immediately assign each device to the correct VLAN, based on the student’s grade-level group in the school’s identity provider.
For Windows devices, certificates deploy through SCEP profiles configured in the MDM platform. Mac devices receive certificates through a separate MDM integration. Both paths deliver certificates from the same SecureW2 PKI instance, keeping the certificate authority chain unified across platforms.
The school’s firewall uses VLAN and subnet information to apply differentiated content filtering. A Year 7 device lands on a different VLAN than a Year 12 device, and the firewall rules reflect the appropriate access level for each grade. When a student advances to the next grade, their group membership updates in the identity provider, and the next certificate issued carries the updated group attribute, which places the device on its new VLAN.
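How the attribute-to-VLAN decision described above can look on the RADIUS side, as an added illustration that is not SecureW2's code or configuration. The group names, VLAN IDs, the restricted fallback VLAN and the dict standing in for a parsed, chain-validated certificate are assumptions; the three reply attributes are the standard RFC 3580 ones.

```python
from datetime import datetime, timezone

# Hypothetical identity-provider group -> VLAN mapping (constructed values).
GROUP_TO_VLAN = {"Year-7": 107, "Year-8": 108, "Year-12": 112, "Staff": 200}
RESTRICTED_VLAN = 999  # assumed segment for devices that cannot be placed


def vlan_reply(vlan_id):
    """RADIUS reply attributes for dynamic VLAN assignment (RFC 3580)."""
    return {
        "Tunnel-Type": 13,        # VLAN
        "Tunnel-Medium-Type": 6,  # IEEE-802
        "Tunnel-Private-Group-ID": str(vlan_id),
    }


def authorize(cert, now):
    """Return (decision, reply_attributes, reason) for a certificate whose
    chain has already been validated. `cert` is a dict with 'not_after'
    (datetime) and 'groups' (list of group names read from the certificate)."""
    if now >= cert["not_after"]:
        return ("reject", {}, "certificate expired")
    known = sorted({g for g in cert["groups"] if g in GROUP_TO_VLAN})
    if len(known) == 1:
        return ("accept", vlan_reply(GROUP_TO_VLAN[known[0]]), "group " + known[0])
    # Zero or several mapped groups: never guess a grade, fall back to the
    # restricted VLAN so the device cannot inherit another grade's filtering.
    reason = "no mapped group" if not known else "ambiguous: " + ",".join(known)
    return ("accept", vlan_reply(RESTRICTED_VLAN), reason)


# Constructed sample certificates (not real data).
NOW = datetime(2025, 2, 3, tzinfo=timezone.utc)
VALID_UNTIL = datetime(2026, 1, 1, tzinfo=timezone.utc)
SAMPLES = {
    "year7-laptop": {"not_after": VALID_UNTIL, "groups": ["Year-7", "Library"]},
    "two-grades": {"not_after": VALID_UNTIL, "groups": ["Year-7", "Year-8"]},
    "no-group": {"not_after": VALID_UNTIL, "groups": ["Library"]},
    "expired": {"not_after": datetime(2024, 12, 31, tzinfo=timezone.utc),
                "groups": ["Year-12"]},
}

if __name__ == "__main__":
    for name, cert in SAMPLES.items():
        print(name, authorize(cert, NOW))
```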
The Results
- Dynamic VLAN assignment by grade: Certificates carry group attributes that place each device on the correct network segment automatically.
- Two MDM platforms, one PKI: Windows and Mac devices both receive certificates from the same cloud certificate authority.
- Automated content filtering compliance: Per-grade firewall rules apply without manual network configuration when students change grades.