Sign In
Sign In is a cloud guest network service. It presents a branded captive portal and a broad set of sign-in methods, and it controls who reaches the network and on what terms through access policies, with self-service so that hosts and guests manage their own access.
Service at a glance
- Purpose
- Cloud guest Wi-Fi with a branded captive portal and a broad set of sign-in methods
- Editions
- Go (essentials) Available · Enterprise (full feature set) Available
- Deployment
- Cisco Service Gateway (per throughput) or Cisco Meraki (per access point)
- Best for
- Guest and visitor Wi-Fi, events, multi-site venues, BYOD onboarding
- Licensed by
- By deployment method, plus a feature tier
- Data location
- Global Cloud, or Nordic Sovereign Cloud (data in Sweden)
1. Purpose and use cases
Section titled “1. Purpose and use cases”Sign In gives visitors, guests, and BYOD users a simple, branded way onto the network while giving the operator control over access and a clear record of it. It suits guest Wi-Fi in offices and public venues, event and conference access, multi-site deployments, and BYOD onboarding.
2. Service scope, editions, and deployment
Section titled “2. Service scope, editions, and deployment”A Sign In service context is one captive portal. An organization can run several contexts, for example one per venue or audience. The service is offered in two editions and on two deployment methods.
| Deployment method | Licensed by | Notes |
|---|---|---|
| Cisco Service Gateway | Per throughput (Mbps) on a Cisco router | Adds DHCP, DNS, secure tunneling, routing, and application visibility |
| Cisco Meraki | Per activated MR access point | Direct integration with the Meraki Dashboard |
| Edition | Scope |
|---|---|
| Go | Essentials for guest Wi-Fi: captive portal, core sign-in methods, basic services |
| Enterprise | Full feature set: all sign-in methods, self-service, statistics, multi-site, and the platform services |
3. Key functions
Section titled “3. Key functions”- A branded captive portal, customizable per context, with multi-language support.
- More than ten sign-in methods that can be combined, including click-to-connect, email and SMS self-provisioning, SAML single sign-on, meeting host, conference and event access, username and password, and whitelisting.
- Access policies that match guests (for example by email pattern) and set which methods apply, session length, device quotas, and self-service permissions.
- A self-service portal for hosts and guests.
- Compliance controls: configurable data retention, data subject search, and audit logging.
4. Architecture and how it works
Section titled “4. Architecture and how it works”Sign In presents the captive portal in the cloud and integrates with the network at the edge. With Cisco Meraki, it works through the Meraki Dashboard. With a Cisco Service Gateway, a Cisco router connects to the platform over a FlexVPN (IKEv2/IPSec) tunnel and provides DHCP, DNS, BGP routing, VRF-based tenant isolation, application visibility, and optional Cisco TrustSec (SXP) integration for the portal. Captive-portal detection uses DHCP option 114 (RFC 8910) on clients that support it, with a standard redirect fallback. Access policies decide, per guest, which sign-in methods and session terms apply.
5. Customer requirements and prerequisites
Section titled “5. Customer requirements and prerequisites”| Item | Requirement |
|---|---|
| Network | A Cisco Meraki network, or a Cisco router able to act as a service gateway |
| Meraki deployment | Access to the Meraki Dashboard for the activated access points |
| Service Gateway deployment | A supported Cisco router (for example ISR 1100/4400 or Catalyst 8000) connected to the platform over a FlexVPN (IKEv2/IPSec) tunnel, providing DHCP, DNS, BGP routing, and optional Cisco TrustSec (SXP) |
| Identity (optional) | A SAML 2.0 identity provider where single sign-on is used for guests or hosts |
Network connectivity is summarized in Network Requirements.
6. Integrations and dependencies
Section titled “6. Integrations and dependencies”Sign In integrates with Cisco Meraki and with Cisco routers as a service gateway, with SAML identity providers for single sign-on, and with external systems through webhooks. An optional Cloud DNS add-on provides light DNS filtering on the Service Gateway and Sign In. See Integrations.
7. Roles and responsibilities
Section titled “7. Roles and responsibilities”| Role | Surface | Capabilities |
|---|---|---|
| Organization / Sign In administrator | Administration Portal | Full configuration of the context, sign-in methods, access policies, and users |
| Module manager | Administration Portal | Manage sign-in methods, reports, and user activity |
| Operations | Administration Portal | View service status and network statistics |
| Host / guest | Self-Service Portal | Manage their own meetings, events, guests, or devices |
See Roles and Administration Levels.
8. Licensing and activation
Section titled “8. Licensing and activation”Sign In is licensed by deployment method (per throughput on a Cisco Service Gateway, or per activated Cisco Meraki access point) plus a feature tier (Go or Enterprise), on top of the platform delivery license. An access-point license can be shared with EasyPSK on a separate SSID. Authoritative product codes and terms are on the Sign In License page; the model is summarized in Licensing and Service Levels. Licenses are sold through authorized partners.
9. Security, logging, and data protection
Section titled “9. Security, logging, and data protection”Access is governed by policy rather than by per-tier network segments alone. Administrative changes are recorded in the audit log, data retention is configurable by the customer, and data subject search supports GDPR requests. Platform-wide protections are described in Security and Data Protection and Logging, Reporting, and Retention.
10. Limitations and exclusions
Section titled “10. Limitations and exclusions”- Access is scoped by policy; Sign In is not a per-tier VLAN segmentation product.
- Guest presence is derived from network signals, not from per-access-point radio mapping.
- Some methods and platform services are available only in the Enterprise edition.
11. Related services
Section titled “11. Related services”- EntryPoint provides RADIUS authentication for employees, BYOD, and IoT. Sign In handles guest onboarding; EntryPoint handles 802.1X and Identity PSK.
- EasyPSK provides per-unit residential Wi-Fi keys, complementary to Sign In on the same Cisco Meraki access points.
12. When to use, and when not to use
Section titled “12. When to use, and when not to use”Use Sign In when you need a branded guest network with flexible sign-in methods and policy-based access on Cisco Meraki or a Cisco Service Gateway. Do not use Sign In as the authentication method for managed employee devices or IoT fleets (use EntryPoint), or for per-unit residential Wi-Fi keys (use EasyPSK).