The Challenge
A charter school network operating dozens of campuses in a major metropolitan area used pre-shared keys (PSKs) to authenticate every device. PSKs offered no way to identify which user was connected to a device, no ability to revoke access from former students and staff, and no distinction between a school-owned Chromebook and a student’s personal phone.
For a network serving thousands of employees and students across multiple buildings, that lack of visibility was a growing security concern.
The device environment added complexity. School-issued devices ran on Google management for Chromebooks and other classroom hardware. Corporate staff devices — primarily MacBooks — ran on Jamf. Android and iOS student devices connected as unmanaged BYOD.
Each platform required its own enrollment path, but all needed to integrate with Okta as the identity provider across device types. The school needed a cloud-based platform that could handle three distinct enrollment workflows without requiring separate infrastructure for each.
Ease of implementation mattered as much as the technical fit. In a classroom setting, every minute a teacher spends troubleshooting a connection error is a moment taken away from the students’ education. For the school administration, it was crucial to find a zero-touch solution that would minimize disruption for students and faculty.
The Solution
The school successfully transitioned to a high-security, automated network environment with the help of SecureW2. They implemented the JoinNow platform to access self-renewing digital certificates that minimize the risk of unauthorized network access.
The platform automates certificate authorization for Chromebooks and MacBooks, while JoinNow MultiOS provides a self-service path for Android and iOS devices. The result ensures secure network access for students, faculty, and staff, no matter which device they use.
The certificate-based framework replaces manual passwords with unique device identities, providing the IT team with full visibility into every connection and enabling zero-touch configuration for managed devices.
The Results
- Certificate-based Wi-Fi authentication implemented across four dozen campuses, mitigating the risk of unauthorized devices accessing the network.
- Three enrollment paths deployed, enabling access for Google (Chromebooks), Jamf (MacBooks), and self-service BYOD (Android/iOS)
- Okta integration that tied every certificate to a verified user identity across all device types
- Multi-campus rollout that covered dozens of school locations
- Seamless implementation without disrupting classrooms or creating steep learning curves for users.