Guest Internet services. John is a 34-year management consultant. He is visiting the BigCorp’s HQ in London to discuss a major international project. Arriving early after his flight, he looks for the guest Wi-Fi in the reception. John connects with his smartphone, enters his details and cellular phone number in the captive portal. Pling! John gets a one-time password via SMS, which he also can activate by a simple click on the embedded URL.
Keep the network secure while still offering easy access Enterprise Guest Wi-Fi. Deliver consistent user experience and branding. Allow employees update captive portals. Offer a secure and deeper access for long-term contractors. Bring-your-own-device service.
USER STORY – JOHN 34
APTILO ENTERPRISE GUEST WI-FI
If you can’t secure the guest Internet – trace it
In an ideal world, guests should always connect to a secure guest Internet SSID (Wi-Fi network ID running 802.1x). But, we are not there yet. You will have to balance security with convenience for your guests. The need for unencrypted open guest Wi-Fi SSIDs will not go away soon.
The delivery of the one-time password in an SMS, with a clickable link, was very convenient for John. But it was also crucial for security reasons. If you use an open guest Internet SSID, you must be able to get traceability. This is exactly what the SMS verification does. You can tie the guest account and device to a verified identity, the mobile number. Needless to say, you must separate the open SSID from your corporate network e.g. through a virtual LAN (VLAN).
Security for long-term guests
Contractors and consultants should all connect to a secure and encrypted guest Internet SSID with 802.1x support. Separated from the corporate network, but still with access to office equipment such as printers.
Provision a certificate (EAP-TLS) or username/password (EAP-TTLS) in each device to get it connected to the 1x SSID. In the future, with widespread device support for Hotspot 2.0 R2 online sign-up (OSU) and Passpoint, this process will be more automatic. Right now, we have to rely on manual installation of certificates in each device. Intelligence which supports users during setup can be built into the captive portals in the Aptilo Service Management Platform™ (SMP). If the device supports Hotspot 2.0 Passpoint profiles, users will have the option to watch an instruction video on how to install the certificate for that device. This will improve the user experience and thus the adoption rate. After the installation, they will get encrypted communications and seamlessly fly onto the secure guest Wi-Fi network.
GET OUR MOST WANTED FUNCTIONS
We have collected the most wanted enterprise guest Wi-Fi functions in our cloud service – the Aptilo Guest Wi-Fi Cloud™. Learn more about the main benefits of our guest Wi-Fi solution, adapted for different businesses and verticals.
Consistency over multiple Wi-fi vendors
Deliver a consistent, secure and reliable enterprise guest Wi-Fi experience across every office in your organization. Vendor-agnostic is not the same as supporting standard protocols. Not in our book. We have added specific adaptations in Aptilo SMP to make sure you get the most out of the hardware from our Wi-Fi partners. We also have support for the most important ones in our cloud service – the Aptilo Guest Wi-Fi Cloud™.
Our enterprise guest Wi-Fi solution, based on Aptilo SMP, supports all the registration and login methods there are. Certificates (EAP-TLS/TTLS), SMS one-time password, vouchers, e-vouchers, e-mail verification, group accounts, long-term accounts and different payment methods. Integration with your Active Directory (AD). Bring-Your-Own-Device (BYOD) service. You name it, we’ve got it!
One brand identity – local diversity
Captive portals should be a business communication tool. With Aptilo SMP, anyone can make updates to the portals. Those pictures and texts that are defined as editable in the template can easily be changed. Let your local receptionist write a welcome message to an important visitor. Provide local information such as maps of the campus. You can make these changes all the way down to a local office area. And, schedule captive portals to kick-in at a certain date and time.
Use Wi-Fi analytics to get actionable insights about your visitors.