Deployment Timeline
The client, a university with a hospital program attached, wanted users from both the university and the hospital to be able to authenticate to either network without extraneous authentication steps.
They decided to work with SecureW2 to deploy an EAP-TLS certificate-based solution for both networks. They started deployment in February 2020 and were able to have certificates on all corporate-owned and managed devices by June 2020.
Challenges
IT admins from the client wanted to transition to certificate-based EAP-TLS authentication for both the university and the hospital. The client's main priority was for health care workers at the hospital to be able to authenticate to the on-campus network using the same certificate they were issued by the hospital Certificate Authority, and vice versa.
Solution
After a failed attempt to manually set up their RADIUS, the client contacted SecureW2. SecureW2 was able to assist the client and successfully deploy a RADIUS-backed network that could integrate with both campuses regardless of where the certificate was enrolled.
Our SCEP (Simple Certificate Enrollment Protocol) solutions simplified the enrollment process so administrators could automatically enroll any device for a certificate without any end-user action. With SCEP, a device enrolls for a certificate by communicating with the PKI through a URL and a secret shared with the CA.
As previously mentioned, a major goal was to allow staff with certificates from the hospital to gain network access from the university’s campus and vice versa. SecureW2 provided both parties with their own private certificate authorities to issue certificates to their users. SecureW2 was also able to integrate with the RADIUS providers for each site to ensure that users could access both networks seamlessly.
Evaluating Success
SecureW2 was able to provide the client with an 802.1X solution for both the university and the hospital. Even with the various moving parts from both the school and the campus, SecureW2 was able to integrate with both infrastructures to deploy certificates to all managed devices in a matter of days, and users can enroll their BYOD devices with a certificate in a few minutes.
Students and hospital staff are now able to access the networks from both campuses without the use of vulnerable PSKs or enrolling for multiple certificates.