Cloud-based Radius Solution

%3CLINGO-SUB%20id%3D%22lingo-sub-216342%22%20slang%3D%22en-US%22%3ERe%3A%20Cloud-based%20Radius%20Solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-216342%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20support%20scenarios%20for%20using%20RADIUS%20is%20VPN%2C%20NPS%20and%20based%20on%20Azure%20MFA.%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-mfa-nps-extension-vpn%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-mfa-nps-extension-vpn%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20can%20work%20with%20Azure%20AD%20and%20SAML%20for%20authentication%2C%20it's%20more%20secure.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-216019%22%20slang%3D%22en-US%22%3ERe%3A%20Cloud-based%20Radius%20Solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-216019%22%20slang%3D%22en-US%22%3EHello%2C%3CBR%20%2F%3E%3CBR%20%2F%3EI'm%20very%20interested%20by%20your%20solution%20to%20authenticate%20Office365%20users%20on%20Meraki%20Wifi.%3CBR%20%2F%3E%3CBR%20%2F%3EPlease%20send%20me%20an%20email.%3CBR%20%2F%3E%3CBR%20%2F%3Ersaada%40splio.com%3CBR%20%2F%3E%3CBR%20%2F%3ETks%20!%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-171513%22%20slang%3D%22en-US%22%3ERe%3A%20Cloud-based%20Radius%20Solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-171513%22%20slang%3D%22en-US%22%3E%3CP%3ENo%2C%20I%20design%20the%20solution%20myself%20actually%20%3A)%3C%2Fimg%3E%3C%2FP%3E%0A%3CP%3EIt's%20pretty%20simple.%20If%20you%20are%20using%20Cisco%20Meraki%2C%20it%20allows%20you%20to%20use%20an%20external%20splash%20page%20(Excap).%20For%20that%20page%2C%20you%20have%202%20options%3A%20one%20using%20a%20radius%20authentication%20(which%20doesn't%20hep)%20and%20one%20using%20a%20click%20to%20connect%20(no%20authentication).%20As%20such%2C%20it%20doesn't%20help%20either%20but%20if%20you%20store%20that%20click%20to%20connect%20page%20on%20an%20Azure%20app%20that%20you%20protect%20but%20forcing%20your%20user%20to%20authenticate%20before%20accessing%20the%20page%2C%20it%20makes%20the%20job.%20On%20azure%20the%20azure%20web%20app%2C%20you%20have%20the%20option%20to%20select%20authentication%20using%20Facebook%2C%20google%2C%20Azure%20AD%2C%20etc.%20then%20you%20must%20configure%20the%20wallet%20garden%20of%20Meraki%20to%20allow%20access%20to%20the%20Azure%20authentication%20even%20without%20being%20authenticated%20on%20the%20wifi%20network.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAnd%20that's%20it%20%3A)%3C%2Fimg%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20think%20I've%20post%20something%20to%20explain%20this%20on%20the%20Meraki%20forum%20but%20not%20sure%20anymore%20%3B)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-171510%22%20slang%3D%22en-US%22%3ERe%3A%20Cloud-based%20Radius%20Solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-171510%22%20slang%3D%22en-US%22%3E%3CP%3EInteresting%2C%20can%20you%20provide%20more%20information%20on%20how%20you%20solved%20it%3F%20Did%20you%20follow%20any%20guides%20or%20blog%20posts%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%2FMagnus%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-171505%22%20slang%3D%22en-US%22%3ERe%3A%20Cloud-based%20Radius%20Solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-171505%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EActually%20I%20managed%20to%20have%20an%20authentication%20without%20using%20Radius%20server.%20The%20users%20must%20authenticate%20using%20their%20O365%20account%20via%20a%20splash%20page.%20It's%20integrated%20with%20Meraki%20Wifi%20network%20and%20it%20works%20fine.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ERegards%2C%3C%2FP%3E%0A%3CP%3EJo%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-171503%22%20slang%3D%22en-US%22%3ERe%3A%20Cloud-based%20Radius%20Solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-171503%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20am%20also%20interested%20in%20such%20a%20solution.%20I%20can%20accept%20an%20on-premises%20appliance%20(I%20mean%20the%20wifi%20hardware%20need%20to%20be%20on-premises%20anyway)%20but%20my%20customer%20does%20not%20want%20to%20install%20a%20local%20Active%20Directory%20or%20any%20on-premises%20servers.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHowever%2C%20for%20some%20reason%2C%20they%20require%20authentication%20for%20the%20wifi%20network.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%2FMagnus%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-91235%22%20slang%3D%22en-US%22%3ERe%3A%20Cloud-based%20Radius%20Solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-91235%22%20slang%3D%22en-US%22%3EUnfortunately%20the%20link%20is%20not%20working%20...%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-91232%22%20slang%3D%22en-US%22%3ERe%3A%20Cloud-based%20Radius%20Solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-91232%22%20slang%3D%22en-US%22%3E%3CP%3EWould%20this%20approach%26nbsp%3B%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fmulti-factor-authentication%2Fmulti-factor-authentication-nps-extension%26nbsp%3Bwork%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fmulti-factor-authentication%2Fmulti-factor-authentication-nps-extension%26nbsp%3Bwork%3C%2FA%3E%20for%20you%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1523468%22%20slang%3D%22en-US%22%3ERe%3A%20Cloud-based%20Radius%20Solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1523468%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F68406%22%20target%3D%22_blank%22%3E%40Johan%20Maricq%3C%2FA%3E%20!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20also%20currently%20trying%20to%20set%20up%20a%20azure%20ad%20login%20for%20cisco%20meraki.%20But%20we%20still%20face%20some%20challenges...%20Can%20you%20please%20let%20me%20know%20your%20approach%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eif%20you%20want%20to%20get%20to%20me%20via%20email%3A%20%3CA%20href%3D%22mailto%3Afs%40jobcloud.ch%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Efs%40jobcloud.ch%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECheers%3C%2FP%3E%3CP%3EFatih%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1523510%22%20slang%3D%22en-US%22%3ERe%3A%20Cloud-based%20Radius%20Solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1523510%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20now%20I%20created%20a%20splash%20age%20application%20using%20the%20web%20app%20from%20azure%20AD.%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20app%20is%20protected%20and%20accessible%20only%20to%20my%20authenticated%20users%20(basic%20feature%20you%20can%20activate%20in%20the%20app%20options).%3C%2FP%3E%3CP%3EWhen%20a%20user%20connects%20to%20the%20wifi%2C%20he%20is%20redirected%20to%20this%20portal%20hosted%20on%20the%20azure%20web%20app%2C%20Azure%20asks%20the%20users%20to%20authenticate.%20When%20authenticated%2C%20the%20splash%20page%20is%20just%20a%20pass%20through%20button%20the%20user%20need%20to%20click%20on.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20hope%20this%20help.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards%2C%3C%2FP%3E%3CP%3EJohan%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-91223%22%20slang%3D%22en-US%22%3ECloud-based%20Radius%20Solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-91223%22%20slang%3D%22en-US%22%3E%3CP%3EDear%20All%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20move%20this%20conversation%20if%20it's%20not%20the%20right%20place.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'd%20like%20to%20know%20if%20Azure%20has%20full%20cloud%20based%20solution%20for%20Radius%20Authentication%3F%20I'd%20like%20to%20link%20the%20O365%20account%20of%20my%20users%20to%20a%20cloud%20managed%20wifi%20network%20for%20authentication%20(like%20Cisco%20Meraki%20or%20Ubiquiti).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAll%20solution%20I've%20seen%20are%20using%20MFA%20as%20Radius%20but%20I%20would%20then%20need%20to%20install%20an%20on-premise%20appliance.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3CP%3EJohan%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-91223%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAccess%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Occasional Contributor

Dear All,

 

Please move this conversation if it's not the right place.

 

I'd like to know if Azure has full cloud based solution for Radius Authentication? I'd like to link the O365 account of my users to a cloud managed wifi network for authentication (like Cisco Meraki or Ubiquiti).

 

All solution I've seen are using MFA as Radius but I would then need to install an on-premise appliance.

 

Thanks,

Johan

10 Replies
Highlighted
Highlighted
Unfortunately the link is not working ...
Highlighted

Hello,

 

I am also interested in such a solution. I can accept an on-premises appliance (I mean the wifi hardware need to be on-premises anyway) but my customer does not want to install a local Active Directory or any on-premises servers.

 

However, for some reason, they require authentication for the wifi network.

 

/Magnus

Highlighted

Hello,

 

Actually I managed to have an authentication without using Radius server. The users must authenticate using their O365 account via a splash page. It's integrated with Meraki Wifi network and it works fine.

 

Regards,

Jo

Interesting, can you provide more information on how you solved it? Did you follow any guides or blog posts?

 

/Magnus

Highlighted

No, I design the solution myself actually :)

It's pretty simple. If you are using Cisco Meraki, it allows you to use an external splash page (Excap). For that page, you have 2 options: one using a radius authentication (which doesn't hep) and one using a click to connect (no authentication). As such, it doesn't help either but if you store that click to connect page on an Azure app that you protect but forcing your user to authenticate before accessing the page, it makes the job. On azure the azure web app, you have the option to select authentication using Facebook, google, Azure AD, etc. then you must configure the wallet garden of Meraki to allow access to the Azure authentication even without being authenticated on the wifi network.

 

And that's it :) 

I think I've post something to explain this on the Meraki forum but not sure anymore ;)

Highlighted
Hello,

I'm very interested by your solution to authenticate Office365 users on Meraki Wifi.

Please send me an email.

rsaada@splio.com

Tks !
Highlighted

The support scenarios for using RADIUS is VPN, NPS and based on Azure MFA.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-vpn

 

You can work with Azure AD and SAML for authentication, it's more secure.

Highlighted

Hi @Johan Maricq !

 

We are also currently trying to set up a azure ad login for cisco meraki. But we still face some challenges... Can you please let me know your approach?

 

if you want to get to me via email: fs@jobcloud.ch

 

Cheers

Fatih

Highlighted

Hello,

 

For now I created a splash age application using the web app from azure AD. 

This app is protected and accessible only to my authenticated users (basic feature you can activate in the app options).

When a user connects to the wifi, he is redirected to this portal hosted on the azure web app, Azure asks the users to authenticate. When authenticated, the splash page is just a pass through button the user need to click on.

 

I hope this help.

 

Regards,

Johan