Enterprise Guest Wi-Fi

Keep the network secure while still offering easy access Enterprise Guest Wi-Fi. Deliver consistent user experience and branding.  Allow employees update captive portals. Offer a secure and deeper access for long-term contractors. Bring-your-own-device service.


  • Guest Internet services. John is a 34-year management consultant. He is visiting the BigCorp’s HQ in London to discuss a major international project. Arriving early after his flight, he looks for the guest Wi-Fi in the reception. John connects with his smartphone, enters his details and cellular phone number in the captive portal. Pling! John gets a one-time password via SMS, which he also can activate by a simple click on the embedded URL.

  • One week later. John is heading to BigCorp’s Tokyo office. John notices a different brand of Wi-Fi equipment hanging from the ceiling. He wonder if there are any guest Internet services. He switch on the Wi-Fi and is amazed at how consistent the guest Wi-Fi portal experience is. As a consultant, he appreciates these things. Brand identity is important. But, he also likes the local information, including the map to find his way between the buildings on the corporate campus.

  • Back home in Oslo. John get’s an e-mail confirming the eight-month project in Tokyo. He is excited. BigCorp asks John to on-board Hotspot 2.0 Passpoint certificates on his devices by clicking on a link which has been sent via SMS and e-mail. Once these certificates are installed, John will get an encrypted communication and just fly on to the secure guest Wi-Fi in Tokyo (1x SSID). He will also have access to office equipment such as printers and conference projectors. The portal automatically detects that John is using Windows 10. After an additional verification through a one-time password sent through SMS, a short video guides John on how to install the certificate. Now it’s time to onboard Passpoint on his smartphone. It turns out that the phone wasn’t so smart. The portal advises John to use the open guest Internet (Open SSID) , the one he used on his last visit. John smiles. This is a good time to buy a new phone. After all, he will spend the next eight months in Tokyo.

Vendor agnostic security for enterprise guest Internet services aka enterprise guest Wi-Fi


If you can’t secure the guest Internet – trace it

In an ideal world, guests should always connect to a secure guest Internet SSID (Wi-Fi network ID running 802.1x). But, we are not there yet. You will have to balance security with convenience for your guests. The need for unencrypted open guest Wi-Fi SSIDs will not go away soon.

The delivery of the one-time password in an SMS, with a clickable link, was very convenient for John. But it was also crucial for security reasons. If you use an open guest Internet SSID, you must be able to get traceability. This is exactly what the SMS verification does. You can tie the guest account and device to a verified identity, the mobile number. Needless to say, you must separate the open SSID from your corporate network e.g. through a virtual LAN (VLAN).

Security for long-term guests

Contractors and consultants should all connect to a secure and encrypted guest Internet SSID with 802.1x support. Separated from the corporate network, but still with access to office equipment such as printers.

Provision a certificate (EAP-TLS) or username/password (EAP-TTLS) in each device to get it connected to the 1x SSID. In the future, with widespread device support for Hotspot 2.0 R2 online sign-up (OSU) and Passpoint, this process will be more automatic. Right now, we have to rely on manual installation of certificates in each device. Intelligence which supports users during setup can be built into the captive portals in the Aptilo Service Management Platform™ (SMP). If the device supports Hotspot 2.0 Passpoint profiles, users will have the option to watch an instruction video on how to install the certificate for that device. This will improve the user experience and thus the adoption rate. After the installation, they will get encrypted communications and seamlessly fly onto the secure guest Wi-Fi network.


We have collected the most wanted enterprise guest Wi-Fi functions in our cloud service – the Aptilo Guest Wi-Fi Cloud™. Learn more about the main benefits of our guest Wi-Fi solution, adapted for different businesses and verticals.

Consistency over multiple Wi-fi vendors

Deliver a consistent, secure and reliable enterprise guest Wi-Fi experience across every office in your organization. Vendor-agnostic is not the same as supporting standard protocols. Not in our book. We have added specific adaptations in Aptilo SMP to make sure you get the most out of the hardware from our Wi-Fi partners. We also have support for the most important ones in our cloud service – the Aptilo Guest Wi-Fi Cloud™.

Our enterprise guest Wi-Fi solution, based on Aptilo SMP, supports all the registration and login methods there are. Certificates (EAP-TLS/TTLS), SMS one-time password, vouchers, e-vouchers, e-mail verification, group accounts, long-term accounts and different payment methods. Integration with your Active Directory (AD). Bring-Your-Own-Device (BYOD) service. You name it, we’ve got it!

One brand identity – local diversity

Captive portals should be a business communication tool. With Aptilo SMP,  anyone can make updates to the portals. Those pictures and texts that are defined as editable in the template can easily be changed. Let your local receptionist write a welcome message to an important visitor. Provide local information such as maps of the campus. You can make these changes all the way down to a local office area. And, schedule captive portals to kick-in at a certain date and time.

Use Wi-Fi analytics to get actionable insights about your visitors.

© 2001-2022 I Aptilo Networks