Wireless Captive portal allow guests or internal users to authenticate prior to access via local account or their account on third party identity provider like Google, Microsoft, OKTA or company’s own Azure AD. It can be a single portal or a separate one for each account type.
A WIFI captive portal that allows users to sign in using either Google or Microsoft accounts, leverages on the OAuth 2.0 protocol for authentication. Palo Alto, Fortinet and many other firewalls support this functionality.
The steps involved are generally :
- Set up an OAuth 2.0 application:
- For Google, create a project in the Google Cloud Console and configure an OAuth 2.0 client ID.
- For Microsoft, create an Azure AD application and configure the necessary settings.
- Corporate users within organization may utilize SAML authentication to reduce the need for a password to remember for each application they use.
- Configure the firewall captive portal:
- Access the administrative interface, set a new or use an existing broadcast domain.
- Enable the captive portal feature and configure the necessary network settings.
- Configure the authentication profiles:
- For Palo Alto: Create an authentication profile for each identity provider (Google and Microsoft). Specify the OAuth 2.0 settings and credentials obtained from Step 1.
- For Fortinet: Create an authentication portal and configure the OAuth 2.0 settings for each identity provider.
- Set up user access policies:
- Define policies that control which users are allowed access to the Wi-Fi network.
- Assign the appropriate authentication profiles to these policies, based on the desired identity provider.
- Customize the captive portal page:
- Customize the captive portal page to display the login options for both Google and Microsoft.
- Provide instructions for users to choose their preferred authentication method.
- Test and verify:
- Test the captive portal by attempting to authenticate using both Google and Microsoft accounts.
- Ensure that the appropriate access policies are enforced based on the authentication method.
A third party SSL certificate may be required to avoid issues with self-signed cert on portal which is untrusted.
We are here to assist if you require to provide a complete solution tailored to your specific firewall model.
Feel free to contact us for assistance.