How to enable single sign-on for a Wi-Fi network supporting RADIUS?

Ritesh Sharma 266 Reputation points
2024-06-19T06:56:42.85+00:00

Hi

We have devices which are Azure AD joined, and identity is hybrid. We want to enable single sign-on for a Wi-Fi network which supports RADIUS. How can it be achieved?

I know we need an NDES server and a certificate authority server. But what configuration and settings are required? We can authenticate to the Wi-Fi with username and password. However, whenever users reset their password, they need to reauthenticate with the updated password.

How can we fix it?


1 answer

  1. Jing Zhou 4,670 Reputation points Microsoft Vendor
    2024-06-19T09:39:50.5366667+00:00

    Hello,

    Thank you for posting in the Q&A forum.

    To achieve single sign-on for Azure AD connected devices on a Wi-Fi network that supports RADIUS, you can try the following configurations and settings:

    Deploy NDES servers and Certificate Authority (CA) servers to ensure that devices can obtain the correct certificates for authentication.

    Configure the RADIUS server to integrate with Azure AD, ensuring that devices can authenticate through Azure AD.

    Configure the Wi-Fi network, use the RADIUS server as the authentication server, and use Azure AD as the authentication source.

    Ensure that the device has joined Azure AD and that the authentication method is in mixed mode.

    Ensure that the root certificate of the device's Certificate Authority (CA) is trusted.

    To solve the problem of users needing to revalidate after resetting their password, you can try the following solution:

    Configure the device to support automatic certificate updates. In this way, when the user changes their password, the device can automatically update the certificate without the need for the user to manually revalidate.

    Ensure that the device can communicate with the NDES server in a timely manner to update the certificate promptly after password changes.

    Through these configurations and settings, you can enable Azure AD connected devices to achieve single login on a RADIUS-supported Wi-Fi network, and solve the problem of users needing to revalidate after password reset.

    Best regards,

    Jill Zhou


    If the Answer is helpful, please click "Accept Answer" and upvote it.
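
A device-side check for the certificate prerequisites listed in the answer above (a client certificate on the device, a trusted CA root, and renewal before expiry), as an added example that is not part of the original answer. It assumes the RADIUS policy uses certificate-based EAP-TLS; the function name `Test-WifiClientCert` and the 30-day renewal window are hypothetical.

```powershell
# Added example, not from the original thread.
# Test-WifiClientCert and the 30-day renewal window are assumptions.
function Test-WifiClientCert {
    param(
        # User certificates; pass 'Cert:\LocalMachine\My' to check device certificates.
        [string]$StorePath = 'Cert:\CurrentUser\My',
        [int]$RenewalWindowDays = 30
    )

    $clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
    $now = Get-Date

    # Only certificates that explicitly carry the Client Authentication EKU are listed.
    Get-ChildItem -Path $StorePath |
        Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $clientAuthOid } |
        ForEach-Object {
            $cert = $_

            # Build the chain to confirm the issuing CA's root is trusted on this device.
            $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
            $chainOk = $chain.Build($cert)
            $problems = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
            $chain.Dispose()

            $daysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)

            [pscustomobject]@{
                Subject       = $cert.Subject
                Issuer        = $cert.Issuer
                Thumbprint    = $cert.Thumbprint
                HasPrivateKey = $cert.HasPrivateKey
                ChainTrusted  = $chainOk
                ChainProblems = ($problems -join ', ')
                DaysRemaining = $daysLeft
                NeedsRenewal  = ($daysLeft -lt $RenewalWindowDays)
                # Usable only if the key is present, the chain is trusted, and it has not expired.
                Usable        = ($cert.HasPrivateKey -and $chainOk -and $daysLeft -ge 0)
            }
        }
}

# List every candidate certificate and flag the ones that would fail authentication.
Test-WifiClientCert | Format-Table Subject, DaysRemaining, NeedsRenewal, ChainTrusted, Usable -AutoSize
```

An empty result means no certificate with the Client Authentication EKU has been issued to this store, so enrollment has not completed for that user or device.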