Other authentications for captive portal

“In addition to the basic configurations, this section provides detailed insights into the finer aspects of captive portal customization. It offers a comprehensive exploration of the diverse settings that allow you to fine-tune your portal according to specific requirements. By delving into these additional settings, you can maximize the potential of your captive portal customization.”

Table of content

Subsections of Other authentications for captive portal

Two-factor authentication with MAC address

Introduction

This document describes how to create a two-factor authentication system that uses MAC address identification along with OTP, email, or token-based authentication methods. By incorporating MAC authentication into the login process, this method improves security and access control in captive portal systems.

Mac address and SMS authentication - This is a two-step verification process. First, it verifies the device’s MAC address, then sends an OTP via SMS to authenticate the user’s mobile phone number.

Mac address and Email authentication - This is a two-step verification process. Initially, it authenticates the device’s MAC address and subsequently sends an authentication email to verify the user’s email address.

Mac address and token authentication - This is a two-step verification process. It starts by authenticating the device’s MAC address, followed by the use of a token for further authentication.

Getting Started

  1. This feature is specifically designed for use with the Scorpio template on EnGenius hardware. For detailed instructions on customizing templates, refer to the “Customizing Captive Portal Templates” section.

  2. Begin by selecting the Scorpio template using the designated button.

Scorpio Template Scorpio Template

  1. On the “Configure Template” page, navigate to the “Index Page” section.

Configure Template Configure Template

  1. Click on the settings button to customize the Index page.

  2. The form fields to select will vary based on the two-factor authentication method you wish to use..

  • For SMS authentication, select the Phone field.
  • For email authentication, select the Email field.
  • For token-based authentication, select the Access Code field.

Select Authentication Method Select Authentication Method

  1. In the “Enable First Step MAC Authentication” section, ensure that both the Enable and Bind Strictly checkboxes are checked.

    • Enable: Activates First Step MAC Authentication.
    • Bind Strictly: Enabling this option associates a specific MAC address with a second-step authentication method. Then, the user can only log in using the information provided in the two-factor authentication settings.

  2. Then select the Second Step of Authentication. Select SMS, Email, or Token Based authentication as per your requirement.

  3. Adjust any additional configurations as needed, then click “Save Changes” to apply the settings.

Save Changes Save Changes

  1. For further guidance on template customization, refer back to the “Customizing Captive Portal Templates” section.

  2. Once customization is complete, click Save to save the changes.

Save Configuration Save Configuration

Assigning the Captive Portal

  1. Assign the configured captive portal to the relevant access point. Refer to the “Assign a Guest Portal to the Access Point” section to know how to do this.

Creating a Two-Factor Authentication Group

  1. Navigate to Captive Portals > Captive Portal Settings > Two Factor Authentication Settings > Group.

Group Settings Group Settings

  1. Click on Create Group and define a new group. In the “Assign Captive Portal” column, select the previously configured captive portal.

Create Group Create Group

  1. Once the group is created, proceed to add user details. Click on the User Details tab and then click on the Create New User button to add a new user.

  2. In the popup window that open, Enable the user by checking the Enable checkbox and provide the required information.

  3. When adding a user, ensure to provide relevant information based on the configured two-factor authentication method:

    • Name: User’s name.
    • MAC Address: MAC address of the user’s device.
    • Enable Token Authentication: Enable this option for token-based authentication.
    • Access Token: Upon enabling token authentication, an access token will be generated. This token is linked to the associated MAC address and grants access to the captive portal.
    • Email: User’s email address for email authentication.
    • Phone: User’s phone number for OTP authentication.
    • Assigned Group: Select the group created earlier from the dropdown list.
    • Expiry Time: Set the duration for which the user can access the internet via the captive portal.

  4. Click Save to save the user.

User Details User Details

  1. Conduct thorough testing of the captive portal to ensure proper functionality of MAC Authentication. In case of any issues, refer back to the outlined steps for troubleshooting.

Azure Authentication for Captive Portal

Overview

This technical documentation guides you through the process of configuring Azure authentication for a Captive Portal using the Soul template on Meraki hardware. Follow the steps outlined below to seamlessly integrate Azure for social login on your captive portal.

Template Customization with Soul Template

  1. This feature is compatible with the Soul template on Meraki hardware.

  2. To start the configuration, “Azure” should be integrated with Kloud Manage, and refer to the Microsoft Authentication section to know how to do it.

  3. For detailed instructions on customizing templates, refer to the Customizing Captive Portal Templates section.

  4. In this case, proceed by selecting the Soul template using the designated button.

  5. On the “Configure Template” page, click on the Welcome Page button.

  1. Click on the settings button to customize the Index page.

  2. In the settings window, select Azure as the form of social login. If second step mac authentication is needed, please check enable second step mac authentication checkbox.

  3. Adjust other configurations as needed.

  4. Click the Save changes button.

  5. To further customize the template, refer to the Customizing Captive Portal Templates section.

  6. After customizing the portal, click on the Save button to save your settings.

Assigning the Captive Portal to Access Point

Follow the instructions in the Assign a Guest Portal to the Access Point section to assign the created captive portal to the access point.

Add Redirect URI to Azure

Add the redirect URL of your captive portal to the Azure portal. Refer to the Add Redirect URI section in the Microsoft Authentication documentation for detailed instructions.

Creating a Two-Factor Authentication Group

  1. In case of a MAC address not found error, create a group.
  2. Refer to the Creating a Two-Factor Authentication Group section for detailed steps. In this case, the Enable token authentication checkbox can be ignored.
  3. Only adding the MAC address is necessary for this Azure authentication.
  1. Assign the user to the created group. Also, you can add expiry time also.
  2. Save the changes.
  3. Multiple MAC addresses can be added in this manner.
  1. Once the above steps are completed, users can log in to the captive portal using Azure authentication.

Okta Authentication for Captive Portal

Overview

This technical documentation guides you through the process of configuring Okta authentication for a Captive Portal using the Pine template on EnGenius hardware. Follow the steps outlined below to seamlessly integrate Okta for social login on your captive portal.

Template Customization with Pine Template

  1. This feature is compatible with the Pine template on EnGenius hardware.

  2. To start the configuration, Okta should be integrated with KloudManage, refer to the Okta Authentication section to know how to do it.

  3. For detailed instructions on customizing templates, refer to the Customizing Captive Portal Templates section.

  4. In this case, proceed by selecting the Pine template using the designated button.

  5. On the Configure Template page, click on the Index Page.

  1. Click on the settings button to customize the Index page.

  1. In the settings window, select Okta as the form of social login.

  2. Adjust other configurations as needed.

  3. Click the Save Changes button.

  1. To further customize the template, refer to the Customizing Captive Portal Templates section.

  2. After customizing the portal, click on the Save All button to save your guest portal.

Assigning the Captive Portal to Access Point

Follow the instructions in the Assign a Guest Portal to the Access Point section to assign the created captive portal to the access point.

Add Redirect URI to Okta

  1. Add the redirect URL of your captive portal to the Okta App. Refer to the Okta Authentication document for detailed instructions.
  1. Once the above steps are completed, users can log in to the captive portal using Okta.

Sponsor Authentication with OTP

Introduction

One method of authentication within captive portals is sponsor-based authentication, where users are granted access by a sponsor. In this document, we will discuss the setup and configuration of sponsor authentication with one-time passwords (OTPs) using the Flora template in Meraki hardware or the Raga template in Kloudspot Gateway hardware.

Template Customization

  1. Choose the Flora template for Meraki hardware or the Raga template for Kloudspot Gateway hardware. For a detailed walkthrough on customizing templates, please refer to the “Customizing Captive Portal Templates” section.
  1. Access the welcome page in the template configuration section.

  1. Click on the settings button.

  2. Select the following form fields: Name, Phone, Email, Sponsor Email, and WI-FI Access Period.

    Note: WI-FI Access Period is optional but recommended for better control over access duration.

  3. Scroll down and check the Sponsor Based Authentication checkbox.

  4. Check the Enable Sponsor authentication with OTP option.

    Note: If you only want Sponsor Based Authentication, you do not need to check the Sponsor authentication with the OTP.

  5. Adjust other configurations as necessary.

  6. Click the Save changes button.

  1. To learn more about template customization, refer to the Customizing Captive Portal Templates section.

  2. After customizing the portal as per your requirement click on Save button and save.

Assigning the Captive Portal to Access Point

  1. Follow the guidelines provided in the Assign a Guest Portal to the Access Point section to assign the customized captive portal to the access point.

    Note: The captive portal’s expiration time will coincide with the access point’s expiration time if the WI-FI Access Period check box is not checked.

Add Sponsored Email or Domain

  1. Access captive portal settings.

  2. Go to Sponsor Authentication Settings tab.

  3. Click on the Create new button.

  1. Select the previously created template.

  1. Choose one of the following options:

    a. Enter the sponsor’s email address directly:

    • Check the Set Sponsor Emails checkbox.
    • Click on the Add email address button.
    • Enter sponsor name and email.

b. Provide Sponsor’s Email Domains:

  • Enter email domains, separating multiple domains with commas.

  1. Set the timeout duration for sponsor requests.

  2. Click the Save button to save the changes.

Testing

  1. Now that the captive portal is configured, it’s essential to test it to ensure proper functionality. Test the captive portal by accessing the network and initiating the sponsor authentication process.

  2. On the captive portal login page, enter the user’s email ID, phone number, sponsor’s email, name, Wi-Fi expiration time and click on the Request Access button.

Note: The Wi-Fi expiration time dropdown is only available if the WI-FI Access Period field is checked.

  1. Authentication mail will be sent to the sponsor immediately.
  1. The sponsor can approve or decline it.
  1. Once approved, the user can use the internet.

MAC Authentication

Introduction

This technical document provides step-by-step instructions for configuring Captive Portal MAC Authentication using EnGenius hardware and Block template. Captive Portal MAC Authentication allows access to the internet only to users whose MAC addresses are whitelisted.

Template Configuration

  1. Navigate to Captive Portal > Guest Portals > Create New.

  2. Enter captive portal name and click on Create.

  1. Choose the Block Template from EnGenius Hardware.
  1. Navigate to the Access Blocked Page within the template configuration section.

  1. Click on the settings button.

  2. Configure the following parameters as per your requirements:

    • Logo
    • Title Text
    • Warning Text
    • Redirect URL
    • Background Image

  3. Once configured, click on the Save Changes button to apply the settings.

  1. Finally, click the Save All button to save the template.

Assigning the Captive Portal to Access Point

  1. After creating and configuring the template, the next step is to assign it to an access point.

  2. Follow the guidelines provided in the Assign a Guest Portal to the Access Point section to assign the customized captive portal to the access point.

Whitelisting MAC Addresses

To allow internet access to users based on MAC address whitelisting, follow these steps:

Create a Whitelist Group:

  1. Refer the Create a Group whitelist section to learn how to do that.

  2. Enter the following details:

    • Authentication Domain
    • Name
    • Expiry Type
    • Expiry Date

    Note: No need to add a CSV file. Ensure the name of the group matches your network name.

Create a User Whitelist:

  1. Refer the Create a User Whitelist section to learn how to do this.

  2. Check the Select Group checkbox and choose the group created in the previous step.

  3. Add the MAC addresses of the users who should have direct access to the captive portal.

  4. Once the above steps are completed, users whose MAC addresses are whitelisted will have access to the internet via the configured Captive Portal.