Manual account provisioning
New hire shows up. IT creates a Wi-Fi account by hand. Day-one productivity bleeds away.
Employees onboard their personal devices with the same identity they already use to log into Microsoft, Google, or Okta. No passwords on the captive portal. No help-desk tickets. Onboard once, manage forever.
The familiar login. Already MFA-protected. Already known to HR. The same source of truth for who works here.
Provisioning Wi-Fi credentials by hand was painful at 50 employees. At 500, it's a quarterly cleanup project. At 5,000, half the accounts shouldn't be active anymore — but you can't tell which ones.
New hire shows up. IT creates a Wi-Fi account by hand. Day-one productivity bleeds away.
HR offboards. The Wi-Fi account stays. Six months later it's still working from a cafe.
One more password to remember, one more to write down, one more to phish. Captive portals make it worse.
Personal phones, contractor laptops, hot-desking — every device lifecycle hits the captive portal differently.
One button on the captive portal — Microsoft, Google, Okta, anything SAML.
The familiar login (already MFA-protected), running on your existing identity infrastructure.
Returned to the captive portal with a verified identity. Policy applies based on group membership.
BYOD with SAML moves the access decision out of the captive portal and into the systems your organization already uses to decide who works there.
Every device, every session, attributed to the user's IdP identity. No anonymous BYOD.
Set hours per group, auto-expire per role. Contractors get the right window without a ticket.
Phone, laptop, tablet — operating system, fingerprint, last seen. Quota enforcement built in.
Site, building, AP. Useful for hot-desking estates and distributed offices.
HR flips the IdP switch. Wi-Fi access goes with it. No drift between systems.
Every export ties sessions to people, not anonymous MAC addresses. Compliance gets the full story.
Every employee has an IdP identity. Use it for the network too.
Student SSO covers students, staff SSO covers staff — same captive portal, different policies.
Time-bound access, scoped to the role. Auto-revoke when the engagement ends.
Healthcare, finance, government — identity-bound network access for audit and least-privilege.
Cookies help us improve your experience on this site. With your consent we also use first-party cookies to measure how the site is used (no advertising). Read our Privacy Policy for more.
When you visit our website it may store or retrieve information in your browser, mostly as cookies. This information is used to make the site work as you expect and, with your consent, to understand how it is used. Because we respect your privacy, you can choose not to allow some cookies. Note that blocking some of them may affect your experience.
These cookies are needed for the website to function and cannot be switched off. They are usually set only
in response to actions you take, such as signing in to internal areas or filling in a form. They store no
information that identifies you personally (cookie: ng_learn_session).
With your consent, first-party cookies help us understand how the site is used: unique and returning
visitors, approximate city and region, time on a page, and entry and exit pages. We never store your IP
address (cookies: ng_consent, ng_vid, ng_sid). If you do not allow
them, we use only privacy-friendly, cookieless measurement.