Want to learn the best practice for configuring Chromebooks with 802.1X authentication?

Sign up for a Webinar!
Branding
Branding Branding
Login Check our Prices

Network Access Control Service
Designed for Your Cloud

Enforce network access control (NAC) for trusted identities with SecureW2's agentless 802.1x platform.
Leverage policies from Okta, Entra ID, Jamf, CrowdStrike, and more to ensure only trusted, compliant users/devices access the network.

Certificates are Critical for Network Access Control

Our Certificate Lifecycle Management solution was designed to seamlessly extend your cloud identity environment. Create as many certificates as needed based on your identity infrastructure's user and device groups. Our managed cloud PKI solution allows you to create certificates for:

  • Network Authentication (Wi-Fi and VPN)
  • Application Access
  • Code Signing
  • Smart Cards/Yubikeys
  • Desktop Login
Featured Image

Network Access Control
For All Your Devices

Certificate-based authentication may be the highest level of Network Access security, but it’s not always feasible for all your devices. Guests or employees using personal devices on the enterprise network can’t adhere to the same security posture as other users. Fortunately, our NAC solution can provide unique security controls for every type of user you might have.

  • Certificate-Based Network Access: Easily issue certificates to all endpoint devices for managed and unmanaged systems used for work
  • WebAuth Wi-Fi with Cloud IDPs: Secure Captive Portal for network access. Great for tying BYODs to Azure AD, Okta, Google, or OneLogin credentials.
  • NetAuth Guest Platform: Allow guest users and IoTs access with our self-service login functionality or through access sponsored by your employees.
Featured Image

What Real Customers Have to Say About SecureW2

At SecureW2, we have a laser focus on making products and services that customers love. But don’t take our word for it, check out what some of our customers are saying:

See all SecureW2 JoinNow Reviews
Best Support & Implementation Experience In my Career

5-Star Support Experience - Thorough assistance for planning, testing and implementation -Fantastic functionality - Thorough Integration Support

Profile Photo
Josh H. Computer Software
Like a great Offensive Lineman

The implementation was seemless and easy. It worked immediately, and the individuals working with us were able to tell us exactly what to do.

Profile Photo
Reagan H. Financial Services
SecureW2 Makes Wi-Fi Authentication Easy

With SecureW2, we are finally able to stop using user name an passwords for Wi-Fi authentication and strictly use machine based certificates. This has alleviated several pain points with our users.

Profile Photo
Verified User in Primary/Secondary Education Verified User in Primary/Secondary Education
Quick, painless deployment with little to no maintenance

Very little time was spent configuring the product. SecureW2 was able to help walk my team through all necessary configurations to create our PKI environment and automate certificate deployment. Since then everything has simply just worked and is integrated perfectly with out device lifecycle.

Profile Photo
Verified User in Information Technology and Services Verified User in Information Technology and Services
Easy to integrate simple to deploy securing a large global network.

The White Glove Service made it easy to implement and connect to our services The team has been very knowledgeable, And implementation into the network was very simple.

Profile Photo
Jason B. Information Technology and Services

Network Access Security Designed for Your Cloud

Leverage passwordless authentication through digital certificates for a more secure connection to any user and device connecting to your network. Digital certificates enhance network access control as they are non-exportable, providing a unique identity context and making network segmentation easier.

Featured Image

Enforce Network Access Control Policies in Real-Time

Passwordless security for your RADIUS requires a robust framework to authenticate devices, networks, and apps strongly. Eliminate frustrating password complexity and reset employee policies on corporate networks and devices while significantly improving authentication security for Wi-Fi, VPN, Single-Sign-On, and more.

  • Tie user/device identity to every connection for detailed tracking and segmentation.
  • Avoid unauthorized users/devices from accessing the network.
  • Divide your network into smaller VLAN segments to prevent attacks on the system surface.
  • Lookup user/device status in all significant Cloud Identity Providers to authenticate them in real time; auto-revoke certificates when lookups fail.
Featured Image

Certificate Lifecycle Management Designed for Your Cloud Environment

With SecureW2, using digital certificates for network access control is easier than ever. Our Certificate Lifecycle Management solution extends your cloud environment, automating the certificate lifecycle based on real-time data from your Cloud Identity. Now, you can use all your Azure, Okta, Jamf, or Intune policies to automate certificate management.

  • Search for users/devices and easily view all their digital certificate lifecycles and authentication events in one place for easy troubleshooting and management.
  • Simple and secure. Offers protection for Private Keys using FIPS140-2 Level 3+ standard HSM's.
  • Integrate with ease to nearly every device management system or with BYODs/unmanaged devices.
  • Automate certificate enrollment and revocation to all your managed devices through our APIs.
  • Total cost of ownership (TCO) is less than a third of comparable on-premise PKI solution.
Featured Image

Auto-Enroll Certificates to Managed Devices

Certificate distribution and management for all your managed devices with no need for complex infrastructure changes.

  • Zero-touch certificate distribution and renewal via extensive APIs including SCEP, JSON, WSTEP, EST, and more
  • Auto-revoke certificates through your MDM when a user/device leaves the organization.
  • Proven integration with all major MDMs including Jamf, Workspace One, Soti, Mosyle, MobileIron, Meraki, and many more

All it takes is two easy steps:

  • Step 1: Configure your MDM platform with our PKI services.
  • Step 2: Send out configuration profiles directing managed devices to auto-enroll for a certificate and self-service for 802.1X.
Featured Image

Onboard BYODs to Your Network Easily

BYODs and unmanaged devices don’t have to be complex or time-consuming to configure for secure network access.
  • Provides passwordless enrollment for robust authentication.
  • Prevents unauthorized users and devices from accessing confidential/unauthorized data.
  • Stop Over-the-Air Cyber Attacks from Intercepting Sensitive Information.
  • Integrates natively with every major Identity Provider. Entra ID, Okta, Google..etc.
  • Windows
  • Windows

See for yourself how user-friendly the Network Access process can be!

Network Access Control FAQS

How Does a PKI and RADIUS Enable Network Access Control?

Network access control (NAC) combines software, rules, and policies to help establish access control in a restricted environment. NAC solutions can be achieved using various technologies. Some use agents that always stay active on devices, while others leverage infrastructure outside the device. SecureW2’s network security solution leverages RADIUS and PKI technology to control access and authorization of your network without requiring an agent to stay persistently active on the device. Our PKI integrates with your identity and device management infrastructure so you can be confident that only trusted users and devices are issued certificates. Since certificates can be configured to be non-exportable from the device (unlike passwords), you have high assurance of the users/devices behind every network connection. But you need a server to validate all those certificates, and our Cloud RADIUS server was designed from the ground up for certificate-based authentication. It leverages powerful identity integrations to see and apply the latest policies in your identity infrastructure to determine in real-time which devices or authorized users should be allowed in the network and how much access they should be authorized.

What Network Access Control Policies Can Be Configured in SecureW2?

With the Network Access Controls options in our management portal, you can configure role-based, policy-based, and attribute-based access policies. Role-based access Control (RBAC) assigns users permissions based on the organization's designated roles. Policy-based access Control sets policies to manage user access to data and systems. Attribute-based access Control applies access policies based on very granular attributes for precise decision-making, like name, email address, geographical location, or environmental attributes. SecureW2 was designed to ingest any attribute, role, or group from your identity or device management systems. This provides a foundational platform to enable highly automated network access control. The most common policies configured in SecureW2 are for VLAN segmentation. Cloud RADIUS makes run-time-level policy decisions based on the attributes you configure in your certificates or the lookup during authentication to segregate authorized users into separate VLANs.

How Does a Public Key Infrastructure (PKI) Enable More Robust Network Security Policies?

At a high level, you can identify with 100% accuracy the users/devices allowed on your network, enabling world-class segmentation. A Public Key Infrastructure (PKI) allows your organization to implement the security of digital certificates. Certificate templates contain in-depth context that can be used to create policies, including factors such as:
  • User Attributes
  • User Groups
  • Device Serial Number
  • User Email
  • Operating System
  • Whether the device is managed or unmanaged
  • Issuing Certificate Authority
  • Model Number
  • MAC Address
  • Certificate Validity
Administrators can easily create policies around specific user groups, such as segmenting different departments into their VLANs.You can also create policies that put particular types of devices into their networks, such as preventing BYODs/unmanaged devices from accessing a given network. Our unique managed PKI integrates seamlessly with your existing infrastructure to leverage the most up-to-date information. We have advanced integrations with MDMs like Intune Jamf that allow us to automatically revoke certificates when users are moved into particular smart or static groups. This ensures that only the most current access policies are consistently applied.

Why Should I Consider Transitioning Away from Password-Based Network Authentication?

Password-based authentication leaves your network resources vulnerable to security risks like Man-in-the-Middle (MITM) and phishing attacks. Aside from direct attacks by hackers, your end-users may mismanage their passwords. Users often forget, reuse, and even share passwords with friends, family, and colleagues. Passwords also offer zero assurance around device trust, which is now a NIST Requirement for any organization doing research or working with federal entities. There’s also the end-user experience to consider. Managing a plethora of ideally unique and complex passwords can be frustrating. By using a passwordless form of authentication, such as digital certificates, your users no longer have to deal with the annoyance of creating new passwords or being disconnected from resources when their passwords expire. Transitioning to a passwordless network authentication secures your network through phishing-resistant digital certificates. You can set specific policies to take complete control of your network.

How Do Your PKI and RADIUS Integrate with Our Infrastructure?

SecureW2’s PKI and RADIUS can integrate with your infrastructure in various ways. First, our PKI can leverage information from your Identity Provider or device management platform at the time of certificate enrollment, encoding those attributes in certificate templates. With Intune and Jamf, our PKI uses enhanced integrations, allowing for automatic certificate revocation. Cloud RADIUS integrates with all major cloud Identity Providers, but has enhanced integration with Azure AD (Entra ID), Google, Okta, and OneLogin. At the time of authentication, Cloud RADIUS can verify a user’s status in any of the aforementioned IDPs in real-time. If you haven’t had time to revoke a certificate, Cloud RADIUS’s Identity Lookup feature will deny network access if the user has been deactivated in your identity platform.

Can I Use the Security Policies from My Cloud Identity Provider on Your Platform?

Yes, SecureW2 was designed with this specifically in mind. Security policies determine who gets access to what on an organizational network. As an existing organization, you may have set security policies on your infrastructure that can be used on SecureW2’s platform. SecureW2’s Dynamic Policy Engine integrates with existing IDPs like Google, Okta, and Azure, which helps admins implement policy decisions during authentication. Our Cloud RADIUS allows you to enforce policies with user/device lookup in real-time against IDPs to ensure secure and efficient access management.

Can I Leverage My Security Policies from my MDM with Your Platform?

You can seamlessly transfer security policies from your MDM to SecureW2’s Managed PKI. Our Managed PKI lets you transfer security policies from major MDMs like Jamf, Intune, and Mosyle, to name a few. Integrating with SecureW2’s Managed Gateway API lets you use SCEP, JSON, and ACME to provide digital certificates to Windows, MacOS, iOS, and Google Chromebooks. You can now set policies and send configuration profiles to your managed devices for auto-enrollment and 802.1X authentication for effective policy enforcement. With SecureW2, you can enable zero-touch issuance, renewal, and revocation of certificates. Our PKI employs advanced integrations with Intune and Jamf in particular. If you use Intune or Jamf, we can check specific groups in them every several minutes, automatically revoking certificates from devices in those groups.

Does Your Platform Offer Network Access Control Solutions for IoT Devices that Can’t Support Certificate-Based Authentication?

Cloud RADIUS supports MAC Authentication to provide network access control for devices that do not support 802.1X authentication, like printers and IoT devices. SecureW2’s Cloud RADIUS supports MAB and MAC address filtering. It segments your devices with a dynamic access list and VLAN assignments, so your less secure IoT devices are properly segmented from trusted, managed devices. You can easily upload .csv files, including all your devices, segment them into groups, and dynamically segment them into different VLANs.

How Can We Allow Guest Network Access without Compromising Network Security?

Cloud RADIUS offers an easy-to-use Web Authentication captive portal as one option. It works by presenting a captive portal when users join the network. After their credentials are validated, they are authorized to access the network. The MAC Address is saved for subsequent authentications and for admins to understand and track the users and devices using the network.

JoinNow NetAuth is another product by SecureW2 that allows secure guest network access without compromising network security. Your guests can now access your network through self-registration or sponsored access. The JoinNow NetAuth also allows you to automate access policies where you can determine the level of access that can be provided to a guest on your network. Your guests can access an encrypted network combined with SecureW2's JoinNow MultiOS.

What's the Difference Between Network Admission Control and Network Access Control?

Network Admission Control or Network Access Control prevents access to a network unless specific conditions and policies are met. Users and devices must authenticate when a corporate network is configured for NAC solutions before accessing corporate networks and applications. NAC is enforced through various devices and solutions, like switches, routers, VPNs, and credential-based access. Network Admission Control denies access to unauthorized or non-compliant devices and quarantines them, thus securing network endpoints from unauthorized access, and security threats while enhancing network security.