The Challenge
A rural community college in Michigan was running its Wi-Fi network on pre-shared keys — a known vulnerability for any organization. The two-person IT team had previously evaluated the JoinNow Platform for certificate-based authentication, but they shelved the project. When the need to upgrade their security became pressing, they returned to SecureW2 for a solution.
The college ran a mixed-vendor infrastructure: wireless controllers from Meraki and wired switches from Fortinet. Both required 802.1X authentication, which meant the certificate and RADIUS solution had to work across hardware brands without vendor lock-in. The IT team also needed to support BYOD devices alongside college-managed endpoints without adding headcount.
Staffing gaps made the timeline unpredictable. The two remaining IT staff members needed a flexible deployment model that matched their availability.
The Solution
The JoinNow Platform provided the full stack: Cloud PKI for certificate issuance, Cloud RADIUS for authentication, and BYOD onboarding for unmanaged devices. The college’s MDM platform handled certificate distribution to managed endpoints via SCEP profiles, with identity attributes pulled from their cloud directory.
Deployment lasted a few months. Sessions were scheduled on Thursdays, allowing the IT team to test changes over the weekend without affecting users. Managed devices received certificates automatically via MDM integration. BYOD users enrolled through a self-service portal tied to the college’s identity provider.
On the wired side, switch port policies authenticated devices against the RADIUS server using the same certificates. The IT team configured both wired and wireless 802.1X from the same SecureW2 tenant, keeping policy management centralized despite using two different hardware platforms.
The Results
- Not one enrollment failure: a 0% failure rate across all managed device certificate deployments
- Wired and wireless 802.1X live: both switch port policies and wireless authentication run through Cloud RADIUS with certificate-based access
- Pre-shared keys eliminated: the college’s Wi-Fi network now requires a valid certificate for every connection
- Two-person deployment: the entire rollout was managed by two IT staff members alongside their existing responsibilities, with no outside consultants
Guest Wi-Fi is the final piece in progress, extending the platform to visitor access. The college plans to manage guest authentication through the same SecureW2 tenant used for wired and wireless 802.1X.
“I have zero enrollment failures — 0% enrollment failures. Meraki port policies working, Fortinet port policies working. Everything works great.”
IT Systems Administrator