The Challenge
A large school district in the southern United States had no visibility into which devices were connecting to its Wi-Fi network. With more than 13,000 employees, across more than 75 locations, and a device fleet spanning Windows, macOS, Chromebooks, iPads, and Android, the district needed to identify individual devices, enforce access policies, and revoke credentials at the device level.
Currently, for example, the network team could not distinguish a district-owned Chromebook from a personal phone and could not safely allow students to bring personal devices onto the network at all.
The district wanted to change that. Enabling BYOD for high school students would reduce pressure on shared device inventories and meet students where they already were: on their own phones and laptops. But BYOD without device-level authentication and content filtering was a non-starter.
The district needed a platform that could issue certificates to every managed device across all operating system platforms, onboard student BYOD through a self-service portal, and integrate with the district’s content filtering system to deliver SSL inspection certificates alongside Wi-Fi credentials.
The Solution
The school district’s deployment integrates the JoinNow Platform directly into the existing IT services for seamless security operations. Managed devices receive certificates through their respective MDM workflows, covering Windows, macOS, Chromebook, and iPad. Each certificate ties the device to a verified identity in order to give the network team full visibility into what is connected and who is using it.
For BYOD, high school students access a self-service onboarding portal with a custom CSS stylesheet. The onboarding flow provisions two certificates: the SecureW2 certificate for Wi-Fi authentication and the district’s content filtering certificate for SSL inspection.
Guest access runs through a separate portal with self-registration and sponsored guest options. Visitors receive temporary network credentials without touching the secure SSID used by managed devices and authenticated BYOD. The district is also developing a guest management layer that will keep visitor traffic isolated while giving the district a simple access experience for parents and visitors.
The Results
- A single certificate-based authentication platform serves all 75+ district campuses
- Student BYOD is enabled for the first time, made possible by device-level visibility and content filtering
- Content filtering certificate is co-deployed alongside Wi-Fi credentials in one onboarding step
- Guest management provides self-registration and sponsored access for visitors without exposing the secure network
With every managed device and student BYOD authenticated through certificates, the network team has the visibility and control to enforce policies at scale across every campus, every device type, and every user.