The Challenge
A university wanted to improve wireless security and reduce help desk tickets, while providing seamless network access to students and faculty. Administrators wanted to create a self-service BYOD enrollment system. The school also wanted to provide network access to guest devices, IoT sensors, and department-owned equipment, all with carefully calibrated levels of trust.
There were some built-in challenges. Domain-joined machines required a different enrollment path than personal devices. And as the university’s digital footprint grew, the IT team needed a platform that could scale with them — adding capabilities year over year without ripping out what already worked.
The Solution
The university started by deploying JoinNow MultiOS for self-service BYOD enrollment and JoinNow PKI for certificate management. Students and staff enrolled their personal devices through a guided workflow that issued digital certificates tied to their university identity.
Following the successful BYOD deployment, the university expanded its JoinNow deployment to cover the growing population of devices that did not belong to any individual user but still needed controlled network access — like guest devices and IoT tools. Later, JoinNow was extended to handle domain-joined machines through a separate enrollment path, issuing certificates to university-owned equipment, managed by IT.
Recently, the university consolidated its certificate management into a single, centralized architecture with continuous trust monitoring capabilities. The upgrade brought the ability to enforce compliance checks throughout the certificate lifecycle, not just at the moment of issuance.
Each expansion built on the infrastructure already in place. The channel partner managing the relationship facilitated procurement through annual renewals, keeping the upgrade path smooth and predictable for the university’s budget cycle.
The Results
- BYOD, guest, IoT, and managed devices all secured under a single certificate-based platform
- Reduced IT burden through self-service BYOD enrollment, empowering students and staff to onboard their own devices without help desk assistance
- Expanded security coverage incrementally over multiple years, with each phase building on existing infrastructure
The deployment illustrates what a phased approach to certificate-based network security looks like in practice. Starting with BYOD and expanding into guest authentication, managed devices, and continuous trust enforcement, the university built a comprehensive security posture one layer at a time.