In a nutshell, SecureW2 helps organizations achieve passwordless network access by providing a managed Public Key Infrastructure (PKI) and RADIUS service. These two core products work together to empower wired and wireless networks and VPNs with an enhanced, passwordless authentication method for increased security and improved end-user experience.
Our PKI services are commonly integrated with MDM systems, as a way to deliver certificates and configure devices to use those certificates for Wi-Fi or VPN authentication. We integrate with your MDM to issue certificates through the Simple Certificate Enrollment Protocol (SCEP), automatically pushing 802.1X Wi-Fi profiles at the same time to your managed endpoints.
In this post, we’ll be carefully addressing each step of the adoption process for how we integrate with your device management platforms, and explaining what types of changes you’ll experience as you roll out our platform to your organization. We pride ourselves on a smooth deployment process and a strong, knowledgeable support team. Here’s how it all works.
Overview of How SecureW2 Integrates with Your MDMs
The full adoption and rollout process differs based on your environment. One of the key factors for determining what it will be like is whether you’re securing managed or unmanaged devices with our platform. Since we’re focusing on MDM integrations in this particular article, we’ll give an overview of what the setup looks like with your endpoint management systems.
As a quick summary, you’ll generally go through these steps as you get set up:
- A series of 2 or more initial configuration calls (the exact number depends on your environment)
- A meeting to confirm the policies and authentications you need
- A follow-up call to ensure your deployment went smoothly
In general, these meetings are spread out over 2-4 weeks. However, this is entirely dependent on whatever timeline your organization is most comfortable with. We’ll detail the calls more below.
How Many Calls?
The process of adoption starts with a series of calls in which your team will meet with our support team. Exactly how many calls varies based on your infrastructure and the number of things we’ll need to configure integrations with. We’ll have a kickoff meeting where we outline the process for you, and during this meeting, we recommend scheduling all other calls so all parties have a clear plan. If possible, we’ll also ask you for a rollout date here, which will help us define your schedule and prepare for any extra support you may need as the date approaches.
At a very basic level, you’ll have at least one hour-long call in which we configure general features of our RADIUS and PKI with your infrastructure. This includes at least one MDM integration. For each additional MDM you need us to integrate with, expect there to be another hour.
Afterward, we’ll want to confirm the policies you need set up and that everything is working correctly. This takes another hour.
That’s all it takes in the beginning. On these calls, our support team will work with you to provide a white glove deployment experience, helping you set up exactly which policies you need and integrating with your MDM(s) and Identity Provider(s). We’ll answer any questions you have, provide you with any necessary documentation, and walk you through it.
Later on, just to confirm everything is working smoothly for you, we’ll follow up again with a 30-minute checkup call. The purpose of this call is to ensure your implementation was successful and address any concerns you may have. If you have time, we can even make these calls recurring on a quarterly basis, although you can reach out to our support team whenever you need help.
Who Needs to Be on the Calls?
Who we need to talk to from your organization can differ based on your unique infrastructure and needs. Since job titles vary from organization to organization, we’ll list out what attendees need to have access to rather than specific titles.
Generally, we’ll need people with the following types of administrative-level access:
- Access to your endpoint management platform (MDM)
- Access to your Identity Provider (IDP)
- Access to your network infrastructure (controllers and RADIUS, if you have an on-premise RADIUS)
These people will be meeting with one or more of our support team members and someone from our customer success team to ensure a smooth transition.
What are the Goals of the Calls?
The calls we have generally fall into one of two types: calls in which we set up a deployment for unmanaged devices/BYODs, and calls in which we set up a deployment for devices managed by an MDM. As you can imagine, the specifics and goals depend on the category of call.
However, the overall goal is to implement successfully and test your implementation to make sure everything is running smoothly. Afterwards, we want to ensure you have time to test our platform off-call and get a feel for how it works.
If there are any issues, the goal in our next scheduled call will be to resolve those issues and determine why they occurred in the first place. At the end of the day, our ultimate goal is to ensure that you understand how our solutions work and how to use them to your greatest benefit.
Making the Rollout Easier
The concern we hear most from organizations as they roll out our platform is how big the changes can be. Many administrators worry that these changes will cause unnecessary interruptions to employees’ productivity, such as disconnects from Wi-Fi or applications.
That’s typically not the case. We strongly encourage our customers to run their new, secure SSID in parallel to their old one if they’re using SecureW2 to transition to certificate-based Wi-Fi. That way, you can ease users in over time rather than all at once.
With managed devices, the configuration process occurs in two phases: certificate enrollment and configuring those certificates for Wi-Fi authentication. Start with a test group of users, then check their connectivity before you roll it out to the rest of your users. We recommend starting with the group of users that would be least affected by drops in connectivity.
Rolling Out SecureW2: the Basics
How Long Does it Take?
We estimate the process can take anywhere from 2-4 weeks to fully deploy, but that is entirely dependent on your schedule. As we mentioned above, there are a few calls you’ll need to schedule and people you’ll need to get together for those calls. However, we can meet your needs as quickly as you require, so if you have a faster timeline in mind, don’t hesitate to let us know.
The sooner we can get through the implementation calls with your administrators, the faster you can roll out our platform. Off-call, you can take as much time as you need to acclimate.
When Should it Be Done?
When you should go through each phase of the rollout process is another question our customers face. This is especially common with educational facilities that may be closed during the summer or for holiday breaks, but it also applies to enterprises. Many administrators worry about disrupting end-user network access and may therefore put off the process of implementing our platform longer than necessary.
The answer is that it depends on your organization and availability. Our support team is experienced and has worked with thousands of enterprises, though, and you can rest assured that we can help you deploy as quickly and smoothly as possible with minimal disruption to your environment.
Schools and higher education institutions can certainly work around breaks. With other types of organizations, it’s much more variable, but we can work around whichever schedules work best for you.
What Needs to Be Configured?
At a very high level, we’ll need to work with you to configure connections to your MDM and IDP, the SCEP profiles necessary to issue the certificates, and any policies you might want to have surrounding those certificates. For example, you might want to have users segmented into separate VLANs on your network based on which department they’re from.
For Intune and Jamf specifically, we offer enhanced integrations that make auto-revocation possible. With auto-revocation, our PKI can check specific groups in either Jamf or Intune every several minutes. When devices are added to those groups, their corresponding certificates will be revoked automatically. This doesn’t take long to configure, but if you do use the aforementioned MDMs, we’ll discuss this option with you, as well.
For a more in-depth look at the things we’re configuring, you can watch the video above.
Bottom Line: We’ve Handled Thousands of Deployments – and We’ll Handle Yours
We know as well as anyone that implementing a PKI or RADIUS (or both!) solution can be intimidating, especially as the number of end-users it involves grows. But we’ve had over a decade to refine our deployment process by working with organizations from all over the world, including The Pokemon Company, Dunkin Donuts, and Peloton. We’re familiar with all the components we’ll need to integrate with, and how to integrate with them. Over the years, we’ve worked with all major Identity Providers, MDMs, access point vendors, and firewalls.
If you’d like to learn more about how the process works, check out our documentation hub. We’ve created – and continue to update – detailed guides there regarding the ways our platform is used and how to configure our solutions. You can also see what actual customers have had to say about working with us by visiting our page on G2. Of course, if you have any questions or concerns, our team is here to help, too; you can contact us whenever you need to.