Back to Customer Stories
Higher Education (Community College)
1min read
July 9, 2026

Community College Replaces Pre-Shared Keys with Certificate-Based Authentication Across Wired and Wireless Networks

At a Glance
Industry Higher Education (Community College)
Use Case PSK-to-certificate migration for wired and wireless 802.1X, BYOD onboarding, guest Wi-Fi
Products Cloud RADIUS, Dynamic PKI, JoinNow Platform
Key Result Zero enrollment failures across managed and BYOD devices, with certificate-based authentication live on both wired and wireless networks

The Challenge

A rural community college in Michigan was running its Wi-Fi network on pre-shared keys — a known vulnerability for any organization. The two-person IT team had previously evaluated the JoinNow Platform for certificate-based authentication, but they shelved the project. When the need to upgrade their security became pressing, they returned to SecureW2 for a solution.

The college ran a mixed-vendor infrastructure: wireless controllers from Meraki and wired switches from Fortinet. Both required 802.1X authentication, which meant the certificate and RADIUS solution had to work across hardware brands without vendor lock-in. The IT team also needed to support BYOD devices alongside college-managed endpoints without adding headcount.

Staffing gaps made the timeline unpredictable. The two remaining IT staff members needed a flexible deployment model that matched their availability.

The Solution

The JoinNow Platform provided the full stack: Cloud PKI for certificate issuance, Cloud RADIUS for authentication, and BYOD onboarding for unmanaged devices. The college’s MDM platform handled certificate distribution to managed endpoints via SCEP profiles, with identity attributes pulled from their cloud directory.

Deployment lasted a few months. Sessions were scheduled on Thursdays, allowing the IT team to test changes over the weekend without affecting users. Managed devices received certificates automatically via MDM integration. BYOD users enrolled through a self-service portal tied to the college’s identity provider.

On the wired side, switch port policies authenticated devices against the RADIUS server using the same certificates. The IT team configured both wired and wireless 802.1X from the same SecureW2 tenant, keeping policy management centralized despite using two different hardware platforms.

The Results

  • Not one enrollment failure: a 0% failure rate across all managed device certificate deployments
  • Wired and wireless 802.1X live: both switch port policies and wireless authentication run through Cloud RADIUS with certificate-based access
  • Pre-shared keys eliminated: the college’s Wi-Fi network now requires a valid certificate for every connection
  • Two-person deployment: the entire rollout was managed by two IT staff members alongside their existing responsibilities, with no outside consultants

Guest Wi-Fi is the final piece in progress, extending the platform to visitor access. The college plans to manage guest authentication through the same SecureW2 tenant used for wired and wireless 802.1X.

“I have zero enrollment failures — 0% enrollment failures. Meraki port policies working, Fortinet port policies working. Everything works great.”

IT Systems Administrator

Learn More About SecureW2

Explore SecureW2's trust model, dive into our platform and product details or read more success stories.

Why SecureW2

Establish continuous trust with Dynamic PKI and Cloud RADIUS. Enforce access based on live identity, device posture, and risk context.

  • Passwordless authentication that can’t be phished
  • Works with your IdP, MDM, and security stack
  • Real-time policy engine for dynamic access control
Explore the Platform

Get the essentials on the products that power continuous enforcement.

Knowledge Base Articles

Explore practical guidance from engineers and admins deploying SecureW2.

  • Setup and configuration tutorials
  • Integration best practices with IdPs and MDMs
  • Troubleshooting guides for PKI and RADIUS