Urban Development Organization Moves to 802.1x With SecureW2

Deployment Timeline

In March 2018, the client, an eco-friendly urban development company, contacted SecureW2 and a competitor to see which of the two solutions worked best for solving their problems. After trial periods with both, the customer decided to go with SecureW2.

After a few weeks of getting acclimated with SecureW2, the company’s managed devices were all enrolled with certificates. They have since been fully equipped to handle BYOD certificate self-enrollment for employees who want to connect their own devices to the company network.

Challenges

The company’s IT department had been meaning to move away from PSK since they joined the company, but a missing password, which resulted in a company-wide security scare, increased the priority. Jeb, an IT manager, explained, “After seeing how real the potential for catastrophe with credentials is, everyone on our team started researching better alternatives.”

After several internal meetings, the IT team decided on a number of key problems they needed to solve.

  • They wanted to move away from PSK.
  • They didn’t want to bind their devices into Active Directory.
  • They wanted a certificate-based network but didn’t want to handle the certificate management side of things.

Additionally, any solution the company purchased also needed to be highly scalable. They were – and still are – a growing business spread across multiple physical locations.

During our audit, the pen-tester was able to demonstrate that employees were using their AD credentials on personal devices and passwords could be captured. We decided to switch to passwordless with certificates but still allowed employees to use their personal devices securely.
JEB, IT MANAGER

Another important feature the company needed was an enrollment solution that was more secure than the traditional SCEP URL. They wanted to take advantage of OpenID to work with their existing Okta devices.

OpenID is a way of authenticating a user that takes the best elements of both SAML and OAuth, and we wanted a solution that would be able to leverage that.
JEB, IT MANAGER

Solution

After evaluating their options with several different vendors, the customer found that SecureW2 was offering the best solution and was willing to help them get the exact network environment they were looking for.

After a trial period with two companies, we found that SecureW2 was exactly what we were looking for. They worked with us and helped us get the exact solution we wanted.
JEB, IT MANAGER

SecureW2 used silent binary tools in combination with OpenID to have all of the client’s Jamf-managed devices automatically enroll themselves with a certificate once they had been verified with Okta.

This solution was perfect for us because not only did we have high assurance that no certificates would be issued into malicious hands, but it was a seamless transition for our employees in terms of user experience.
JEB, IT MANAGER

From the end-user perspective, they log in, are prompted for Okta SSO, and see nothing else. SSO is supported, so once they are logged in, the certificate distribution is silent and simple.

The client also wanted to make sure that certificates were renewed frequently to ensure safety. SecureW2 allowed them to set up certificate auto-renewal. The client easily set up this function through the management portal, and now their users simply use their expired certificate to get a new one each day.

Evaluating Success

SecureW2 was able to provide the client with an 802.1X solution that didn’t need expensive on-premise servers to manage. With a fully customized solution that allows them to leverage OpenID with Okta, they are certain that no bad actors will gain access to valuable company assets.

Their users are able to enroll and renew certificates without ever having to configure anything themselves. They no longer have to worry about any credential leaks or password-related issues.

The customer is currently in the process of using SecureW2 to enroll all of the IoT devices, printers, fax machines, copiers, etc. with certificates.