Want to learn the best practice for configuring Chromebooks with 802.1X authentication?

Sign up for a Webinar!
Case Studies

Private University Graduates to Certificate-Based Authentication with Smart Cards

Azure
BYOD
Cloud Radius
Device Onboarding
Higher Ed
Intune
Microsoft Active Directory
PKI
Smart Card
Wi-Fi
Case Study Hero BG

Deployment Timeline

This customer first got in touch with us in September of 2022. They had an interesting goal: to equip their IT department with certificate-backed smart cards for easy on-the-go authentication. Of course, this was just the first item on their agenda – they were also interested in certificate-based authentication at an organizational level without needing on-premise infrastructure.

Deployment was smooth and efficient. Within just three weeks, we were able to deploy a tailor-made bundle of solutions for them.

Challenges

Anyone who has worked in IT before understands the unique challenges associated with providing technical support. One such challenge is the hassle of having to input your credentials on multiple devices throughout the day as new issues arise all over the organization. Over time, these logins can really add up, decreasing your productivity and increasing your frustration.

Quote Left Icon
Not only did we have to provide support for students with a diverse range of devices, but we had to support our faculty, as well, This meant that our IT team had to log in constantly throughout the day, which just made each ticket take more time than it needed.
EMMANUEL, INFORMATION SECURITY MANAGER

One day, the organization had an idea: what if they could take the certificates they were already using on the move with them? The technology for this already exists in the form of smart cards, although equipping these external devices with certificates is its own challenge. This was the first problem we were asked to tackle.But there were certainly other considerations to make, as well. The university already had its own on-premise PKI backed by AD CS, as well as its own on-premise RADIUS server. Managing these things on their own was becoming an increasingly large stressor, and also stood in the way of their dream of using certificates for mobile authentication via smart card.

Solution

Step one was ensuring the university had a solid authentication system to rely on, especially since they were finding their on-premise AD CS and NPS troublesome. We helped them deploy JoinNow Connector PKI, our cloud-based managed PKI solution. This would enable them to create and manage as many certificates and certificate authorities as they need.

The certificates also need to be authenticated by something, and that’s where our Cloud RADIUS came in. Cloud RADIUS is another cloud-based managed solution, and it was created specifically for passwordless authentication with digital certificates. With both JoinNow Connector PKI and Cloud RADIUS, we were able to completely replace the university’s AD CS and NPS.

The next step was making sure certificates could be distributed to the devices they needed, especially the IT team’s smart cards. For that, we offered our Smart Card Management System and JoinNow MultiOS, which is a self-service onboarding technology. This also helps prepare them for the future; because the university is also interested in someday enrolling student-owned devices for certificates, JoinNow MultiOS is an excellent solution that students can use to configure their own devices in just a minute or two.

Quote Left Icon
All our IT staff has to do is put in their smart card and enter a quick pin code to log into our desktops. It saves them so much time
EMMANUEL, INFORMATION SECURITY MANAGER

With the IT team’s smart cards enrolled and configured for certificates, there’s no need for them to input their credentials every time they need to log into another desktop as an admin. Logging in is as quick and simple as plugging in their smart card. SecureW2’s smart card login module will pass on the authentication request to Microsoft’s own smart card login system, which simply prompts them for a pin code.

Evaluating Success

Now, resolving tickets is a much more streamlined process for the university. IT staff members are able to log into university desktops within a couple of seconds – no need to enter their credentials every time.

Other faculty devices are now equipped with certificates, as well. This means the staff as a whole enjoys the easier process of logging in with certificates. They don’t need to reset their passwords every few months or deal with the hurdle of having to retype their passwords every time they log into a device or an application, or reconnect to the university’s Wi-Fi.

Quote Left Icon
SecureW2’s Smart Card Management System has made responding to support tickets a cinch. Our support department can log into any desktop just by plugging in a smart card
EMMANUEL, INFORMATION SECURITY MANAGER

In the future, they look forward to deploying JoinNow MultiOS so students can configure their own devices for secure, passwordless Wi-Fi access.