The Challenge
The wireless team lead at a major public research university manages 15,000 access points and roughly one million RADIUS authentications per day, all using a legacy password-based authentication system. The team was overwhelmed managing LDAP and RADIUS. They also wanted a more secure authentication method to keep the 70,000+ students safe on the network.
Password-based authentication also meant a layer of permanent noise: users change passwords on mobile devices, Wi-Fi fails silently, and with solid 5G coverage on campus, they never notice. The failed authentications then ran every 10 seconds, indefinitely, creating constant maintenance headaches for the wireless team.
Migrating to EAP-TLS would eliminate the LDAP burden, end the password-change failure loop and remove the AD team dependency. SecureW2 offered a path to do all three.
The Solution
Working closely with the team at SecureW2, the university completed a major overhaul of its wireless infrastructure, replacing all 15,000 access points and migrating from its legacy vendor to Juniper Mist.
This transition, while demanding, modernized the foundation on which the new certificate-based authentication system would be built. The university also documented its full technology stack, including its RADIUS infrastructure, identity providers and MDM platforms, to allow the SecureW2 engineering team to design an integration architecture tailored to the university’s specific environment.
The Results
The university is ready to complete the EAP-TLS migration. The infrastructure migration is complete, and plans are in place for a seamless transition to certificate-based authentication.
With the infrastructure migration finished, the wireless team lead is positioned to complete the EAP-TLS migration on the managed PKI. Replacing the legacy NAC appliance with a cloud-based RADIUS service would close the loop on the vendor transition. After addressing various setbacks, the conditions for certificate-based authentication across 15,000 access points are finally in place.
Looking ahead, the team anticipates a major increase in operational efficiency from the switch to certificate-based authentication. Students and faculty will be more secure, and the wireless team will be free to focus on higher-level projects instead of managing the RADIUS server.