Enterprise Wifi

Enterprise WIFI Security

Protect your Enterprise Wireless Network


The weak link in WIFI security is usually lack of strong authentication

Most companies are equipped with an Enterprise WIFI from Cisco or similar network device vendor. WIFI provides over-the-air bridging to your corporate infrastructure and for that, needs to be secured accordingly. The weak link in WIFI security is usually lack of strong authentication: access is granted either with a pre-shared key, or at best, with simple username and password.

RCDevs provide you

The only solution which supports OTP/MFA for WIFI

RCDevs’ Enterprise WIFI security is a more secure way to grant access on a per-user basis, using IEEE 802.1X protocol family, Multi-Factor Authentication (MFA) and X.509 Client Certificates (PKI).

OpenOTP supports the major IEEE 802.1X standards, including EAP-GTC (commonly used with Cisco devices), EAP-TTLS-PAP and EAP-TLS authentication over RADIUS (see RCDevs RADIUS Bridge). This means that your employees can authenticate to corporate WIFI with:

– X.509 Certificates – Employees self-enroll certificates through an easy-to-use web-UI that’s protected with one-time URLs and/or one-time codes, delivered via SMS for example. The same convenient way of self-service continues on certificate renewals, with users being automatically notified to re-enroll their certificate and are provided with a one-time URL to do that.

– One-Time Passwords – Users can concatenate passwords with a one-time code from their preferred token provider, like OpenOTP Token App, RC200/300/400, Google Authenticator, or from any OATH compliant Hardware or Software Token.

– Push Login (aka one-tap login) – Users with OpenOTP Token App can authenticate to WIFI by simply pressing “Accept” on the login that was pushed to their mobile.

– Application Passwords – Users provide a personal, Wifi-specific and time-limited application password which has been pre-registered via the self-services.

– Voice Biometrics – Users are required to speak their security passphrase on their Mobile Token to start the WIFI connection.

Main features

The only solution which supports OTP/MFA for WIFI
OpenOTP Two-Factor for Wifi access does not support the challenged OTP mode. It also requires password concatenation where the OTP password is concatenated with the domain password. Its usage is simple: Users select the network SSID and are prompted for their password(s). A WebADM client policy for your OpenOTP Wifi will let you decide if the users should log in with domain password only, the OTP password only, or both passwords concatenated.
More about EAP
EAP-TLS (EAP Transport Layer Security) was subsequently defined by IETF RFC 5216. The protocol was created as an open standard leveraging the TLS (Transport Layer Security) protocol and has found wide-spread support with the various wireless vendors on the market. It primarily consists of the original EAP authentication protocol and is still considered to be one of the most secure EAP standards on the market.
Enforce WebADM Client Policies per Wifi Network (SSID)
RCDevs 802.1X for Wifi is fully compatible with WebADM client policies. This means you can define access control policies for each of your Wifi SSIDs. Client policies allow controlling which groups of users can access the network, at what time and even based on LDAP metadata filtering.
Wifi Access with Client Certificates
WebADM includes a PKI service and some very simple certificate management interfaces. A user certificate can also be used to transparently provide access to the Wifi network. Revoking Wifi access is as simple as removing the certificate from the user object.

Key features

Supported on Enterprise Wifi with EAP-GTC and EAP-TTLS-PAP
Supports any OpenOTP method (Tokens, Yubikey, SMSOTP, MailOTP, etc)
Supports LDAP, OTP and LDAP+OTP login modes
Supports Contextual authentication with MAC addresses
Convenient Two-Factor with password concatenation
Per user and group reply attributes for Wifi role-based access
Authentication policies per client application or group of users
Compatible with

This is a non-exhaustive list of OpenOTP compliant products

Cisco Wifi using the EAP-GTC technology
Wifi devices supporting Enterprise RADIUS with EAP-TTLS-PAP
See how simple it is to integrate OpenOTP with Wifi

Read more about related products

Authentication methods

Our solution for WIFI provides Two-Factor with all OpenOTP One-Time Password methods:
Mobile Push
Accept or Deny an Authentication Request
Voice Biometric
Human Voice Authentication
Hardware Tokens
OATH Event, Time and Challenge -based
Software Tokens
OATH Event, Time and Challenge-based, Mobile-OTP (mOTP)
Signed Authentication
FIDO Universal Second Factor (U2F and FIDO2)
Mailbox- Mail and Secure Mail OTP (PIN Mailer) and Mobile Phone- SMS OTP (On-Demand and Prefetched)
Yubikey Tokens
YubiKey Standard, Nano
Printed List
Printed OATH One-Time Password Lists

To request an online demo, you only have to create your account or contact us.

Online Demos are available for free to let you try RCDevs multi-factor in 5 minutes and authenticate with your mobile or Yubikey.