View Categories

Administration

Netgraph Entrypoint is a sophisticated, cloud-based SaaS platform designed to simplify secure network access management and authentication configuration. Its intuitive administrative portal provides comprehensive control over your network infrastructure:

Context Creation #

The “Create RADIUSaaS Context” functionality within the Entrypoint administrative portal empowers organizations to effortlessly configure and manage secure network authentication contexts. Through a streamlined and user-friendly interface, administrators can quickly set up contexts tailored specifically to their organization’s requirements.

  • Context Type Selection: EntryPoint 2.0 (Dot1x PEAP, Entra)

  • Context Name: Clearly define each context with a custom name, enhancing clarity, organization, and ease of future management.

  • Context Description: Provide supplementary context details or documentation, facilitating better internal communication and easier auditing.


Context Configuration #
Basic Configuration #

Client Authentication Methods

  • Supports secure authentication methods, EAP-PEAP and EAP-TLS, enhancing network access control.

  • EAP-TLS certificate support with:
    • Device Certificate (CN={{AAD_Device_ID}}#tls-device#<goup-id>)
    • User Certificate with Backend Identity Store (CN={{UserPrincipalName}}#tls-user#{{AAD_Device_ID}})

Backend Identity Store

  • Integrates seamlessly with Microsoft Entra ID as an identity store.

  • Provides clear visibility into identity management via a dedicated status panel.

  • Displays API connection statuses and health checks, ensuring reliable synchronization of permissions and user identities.

Context Management

  • Clearly displays the context name, enabling straightforward renaming to align with organizational needs.

  • Allows administrators to delete contexts, complete with explicit warnings to protect against unintended data loss.

  • Ensures deletion processes explicitly inform about the impact, including affected groups, users, integrations, and attribute profiles.

802.1 Authentication #

SSID

  • Configure the Dot1x SSID name, which clearly instructs end users on how to connect securely to the wireless network.

EAP-PEAP

EAP-TLS

  • Add Trusted Certificate Authorities (CAs):

    • Easily incorporate new Trusted CA certificates to define which issuing entities are authorized for client authentication, thereby ensuring secure communication and streamlined trust management.

  • View Certificate Details:

    • Clearly displayed information includes the certificate issuer name and expiry date, allowing administrators to proactively manage certificate lifecycles.

  • Remove Certificates:

    • Securely remove previously added certificates directly through the interface, maintaining the accuracy and integrity of the trust configuration.

  • Manage Certificate Revocation URLs:

    • Specify or update URLs pointing to certificate revocation lists (CRLs), enabling timely verification of certificate validity to safeguard against compromised or revoked certificates.

Attribute Profiles #

  • Attribute Profile Creation: Users can create attribute profiles by specifying unique profile names, clear descriptions, and defining attribute types and values through structured dropdown menus.

  • Structured Attribute Display: Attributes are displayed in a standardized format, highlighting vendor-specific attribute-value pairs (e.g., Cisco AV-pairs such as security-group tags or private-group identifiers) for clear identification and integration.

  • Profile Management and Modification: Existing profiles can be edited or deleted directly from the interface, providing administrators with precise control over attribute profile management.

  • Enhanced Traceability: Profile creation timestamps are recorded, supporting traceability, compliance auditing, and operational transparency.

Network Integration #
Basic Settings #

  • View and configure the RADIUS Hostname for network identification.

  • Specify the RADIUS client secret, a critical component for ensuring secure communication between the RADIUS server and clients.

  • Enable and configure RADIUS Server Accounting with recommended interim update intervals to maintain accurate and timely session records.

RADIUS Server Certificate #

  • Certificate Overview: View currently active server certificates, including issuer and expiration dates.

  • Certificate Management: Upload, replace, or manage RADIUS server certificates issued by recognized Certificate Authorities (e.g., GoDaddy).

  • Download Certificates: Administrators can conveniently download server certificates for record-keeping, backup, or integration purposes.

  • Update Functionality: Easily upload and manage new or updated server certificates, ensuring continuous secure authentication operations.

RadSec #

  • RadSec Activation: Enable or disable RadSec functionality, which secures RADIUS communications by leveraging TLS for data encryption and integrity.

  • Trusted Certificates: View and manage certificates from trusted entities authorized for RadSec-protected interactions, ensuring secure and authenticated communication.

  • Certificate Handling: Efficiently upload, update, or download RadSec trusted certificates, supporting secure integration with specific network infrastructure, such as Cisco Meraki environments.

Configure RADIUS Access Restrictions #

  • Define permitted IP ranges that can access the RADIUS service by specifying IP addresses in CIDR notation.

  • Maintain robust security by strictly limiting access to trusted IP addresses, or, if necessary, configure for unrestricted public access.

  • Update and apply the configured IP access filters immediately to reflect policy changes.

Create Group #

  • Create Groups: Define new groups to manage devices and users.

  • Authentication Method Selection: Specify group authentication protocols:

    • 802.1X-PEAP: User authentication using username and password credentials.

    • 802.1X-TLS with Device Certificate: Certificate-based authentication with Device Certificate.

    • 802.1X-TLS with User Certificate: Certificate-based authentication integrated with Backend identity providers.

  • Monitor Group Assignments: Review assigned networks, authentication types, and the number of devices and users in each group.

  • Control Self-Service Enrollment: Define permissions for user-initiated enrollment procedures.

  • Group Search and Filtering: Locate specific groups or network configurations through built-in search functionality.

  • Audit Logging: Track creation dates of groups for compliance and governance purposes.

Group Configuration and Overview 802.1X-PEAP #
Connected Devices #

  • Device Overview: View and manage devices connected to the network, with detailed information including device status, MAC address, connected network, last seen timestamp, device description, connected access point, connection type, and IPv4 address.

  • Search and Filtering: Capability to search or filter devices by description, MAC address, or location for focused management or troubleshooting.

Self-Service Users #

  • Self-Service Enrollment Configuration: Option to enable or disable automatic enrollment for new users into the group upon their initial login to the self-service portal.

  • Manual User Management: Provision for manually adding self-service users, assigning permissions, and viewing details such as email address, self-service permissions, associated PEAP account status, and the method of addition.

PEAP Accounts #

  • Personal PEAP Account Management: Activation or deactivation of the personal PEAP account feature, which allows self-service users to automatically receive individual authentication credentials.

  • Account Overview and Creation: Ability to view existing PEAP accounts, passwords management via the self-service module, and manually create additional PEAP accounts if required.

Group Settings #

  • Attribute Profiles Management: Selection and application of predefined attribute profiles to configure access policies and settings specific to user groups.

  • Group Identification Management: Configuration of the group name and options to update or remove the group entirely.

Connection Guidance #

  • User Instructions: Provision of clear instructions to end-users on how to connect devices to the network using their assigned PEAP account credentials and the designated SSID (Service Set Identifier).

Group Configuration and Overview 802.1X-EAP-TLS #
Connected Devices Overview #

This section provides a detailed list of devices currently connected through the 802.1X-EAP-TLS authentication method. Administrators can:

  • View the status of each connected device (e.g., wireless connectivity).

  • Identify device type (e.g., desktop, mobile).

  • Inspect essential device information, including MAC addresses, network affiliation, IPv4 addresses, and connection specifics such as access point details and type of wireless connection (Wireless-802.11).

  • Monitor device connection history through timestamps showing first seen and last seen.

  • Access user-specific details, including usernames or descriptions tied to each connection, assisting in user and device tracking.

  • Conduct targeted searches or filter devices by descriptions, MAC addresses, or location details to refine the display.

Group Settings Configuration #

This area enables precise administrative control over device groups associated with the 802.1X-EAP-TLS protocol. Administrators have the ability to:

  • Assign or modify attribute profiles for designated groups. These profiles potentially control access parameters or policies applied to group members.

  • Edit or rename the group to clearly reflect its current function or user composition (e.g., “Employees”).

  • Permanently remove the group if necessary, providing the flexibility to manage group lifecycles effectively.

Netgraph
Powered by  GDPR Cookie Compliance
Cookie Overview

What are cookies?

Cookies are small text files consisting of letters and numbers. These are sent from Netgraph Sverige AB or our partners' web servers and stored on your device (for example, computer or mobile). They can be stored in two different ways.

Session cookies are temporary cookies that disappear when you close your browser or app.
Persistent cookies are cookies that remain on your computer until you delete them or until they expire.

Different types of cookies

Both our website and others, such as Facebook or Google, may place cookies on your computer when you visit this website. Cookies from the website you are visiting are called first-party cookies and cookies from other websites are called third-party cookies.

Other files, similar to cookies, are web beacons and similar technologies. Web beacons are small transparent graphic images that may be contained in emails we send to you.

Why do we use cookies?

We use cookies to make your visit to our website as enjoyable as possible, and to improve it even more. However, we do not store IP numbers or similar personal data about you.

Functionality cookies improve your experience

We store cookies about the pages you have visited to make your experience on our website as smooth as possible. For example, we can prevent you from seeing a pop-up window more than once.

Analytics cookies help us to make our website better

We use cookies to collect aggregate analytical information about how you use the site, such as statistics on our most popular pages. With the information we get, we can improve our web and our offers.

Deleting cookies

Your browser or device usually allows you to set which cookies can be stored on your computer. For example, you can choose to block all cookies, only accept cookies from the website you are visiting or delete all cookies when you close your browser. Look under Settings.

Questions?

Do you have any questions about how we use cookies? You can always reach Netgraph Sverige AB's data protection officer at info@netgraph.se

This information was updated on August 26, 2024.