View Categories

Administration

Administration #

Netgraph Entrypoint is a sophisticated, cloud-based SaaS platform designed to simplify secure network access management and authentication configuration. Its intuitive administrative portal provides comprehensive control over your network infrastructure:

Context Creation #

The “Create RADIUSaaS Context” functionality within the Entrypoint administrative portal empowers organizations to effortlessly configure and manage secure network authentication contexts. Through a streamlined and user-friendly interface, administrators can quickly set up contexts tailored specifically to their organization’s requirements.

  • Context Type Selection: EntryPoint 1.0 (iPSK)

  • Context Name: Clearly define each context with a custom name, enhancing clarity, organization, and ease of future management.

  • Context Description: Provide supplementary context details or documentation, facilitating better internal communication and easier auditing.

Settings Configuration #

The “Settings” pages provide configuration options for managing device registration, access control, and security settings within the iPSK (Identity Pre-Shared Key) framework. The settings are structured into distinct sections, allowing administrators to define registration methods, request form requirements, RADIUS service settings, and IP access restrictions.

Device Registration Portal Options

  • Active Registration Options: Enables or disables the request access form and self-registration via email.
  • Default Register Device Flow: Determines whether users register devices through an access request or self-registration via email.
  • Invitation Code Usage: Allows users to input an invite code for group-based permission allocation.

Request Access Form Configuration

  • Group Request Configuration: Specifies which fields (e.g., name, organization, phone number, device description) are required when requesting access.
  • Email AutoComplete Activation: When enabled, group members’ emails populate request forms automatically to simplify the process.

RADIUS Service Settings

  • Client Secret Management: Displays the current RADIUS client secret and allows administrators to update it.
  • Impact Notification: Indicates that changing the client secret will affect all EntryPoint iPSK contexts.

RADIUS Access Restrictions

  • IP Access Control: Defines permitted IP ranges for accessing the iPSK RADIUSaaS service.
  • CIDR Format Support: Accepts IP ranges in CIDR format (e.g., 192.168.1.0/24).
  • Public Access Option: If no restrictions are applied, the service remains publicly accessible.

 

Context Configuration #
Basic configuration #


Name & Description

  • Allows the definition of a context by specifying a Name, Description, and Implementation type.
  • The selected implementation (e.g., IPSK) determines authentication and security mechanisms applied to network access.

CoA Listeners

  • Provides functionality for configuring Change of Authorization (CoA) listeners.
  • Administrators can add new CoA listeners and define parameters such as IP, Port, Secret, Mode, and Creation Time.

Security Group Tag (SGT)

  • Displays the existing policy for security group tagging, indicating whether manual or automated tagging is used.
  • If enabled, administrators can specify SGT Min and Max Values and activate Security Group Tags.
  • The system provides information on existing groups and the configured SGT interval.

Default Member Roles

  • Controls default access levels for users within the context.
  • Available roles include:
    • Member – Manage personal devices.
    • Administrator (Manage all devices) – Full administrative control over all devices.
    • Administrator (Manage members) – User management permissions.
    • Administrator (Update Pre-Shared Key – PSK) – Ability to update pre-shared keys for network access.

Default Attribute Profiles

  • Allows the assignment of predefined attribute profiles to the context.
  • Provides options to select and add profiles, ensuring that user attributes align with predefined security and access policies.

Self-Service Configuration

  • Defines policies for device registration notifications.
  • Configures new device mail policy, determining when notifications are sent upon device enrollment.

Remove IPSK SSID

  • Provides an option to delete the IPSK context.
  • Before removal, all associated groups and attribute profiles must be deleted.
  • Includes a confirmation checkbox and a deletion action button to ensure intentional removal.

 

Default Group #


PSK & SGT Tag Configuration

  • Allows the configuration of a Pre-Shared Key (PSK), which is displayed in an editable field.
  • Provides an option to define a Security Group Tag (SGT), which can be set or left as disabled by entering 0.
  • Includes an action button labeled “Update Name & SGT” to apply changes.

Attribute Profiles Management

  • Offers a dropdown menu to select an attribute profile for assignment.
  • Includes a button to add the selected profile.
  • Displays a list of assigned attribute profiles.
  • Provides an “Update Attribute Profiles” button to save modifications.

Default Group Removal

  • Contains a checkbox labeled “Remove Default Group”, which enables the removal option.
  • Features a “Delete Default Group” button for executing the removal action.

 

Attribute Profiles #

Attribute Profile Management:

  • Administrators can create, view, and manage attribute profiles that contain specific attribute settings.
  • The option to add a new attribute profile is available via the “Add attribute profile” button.

Profile Listing and Details:

  • Displays a list of existing attribute profiles, including:
    • Name: Identifier for the attribute profile.
    • Description: Additional information describing the profile’s purpose.
    • Attributes: The specific attributes assigned to the profile, such as IEEE Tunnel settings or Cisco AV pairs.
    • Created Date: Timestamp indicating when the profile was created.

Sorting and Pagination:

  • The table supports sorting based on the available columns.
  • Pagination controls allow navigation through multiple pages if the number of profiles exceeds the current page limit.

Editing and Deleting Profiles:

  • Each attribute profile includes a menu (accessible via the three-dot icon) for modifying or removing the profile.

 

Network Integration #

Basic RADIUS Server Settings

  • Radius Hostname: Defines the hostname of the RADIUS server used for authentication and accounting.
  • Authentication Port: Specifies the port used for authentication requests.
  • Accounting Port: Defines the port for accounting purposes. A note suggests enabling RADIUS Server Accounting with an interim update interval of 600 seconds (10 minutes).

RADIUS Client Secret

  • Displays the client secret used for authentication with the RADIUS server.
  • A notification indicates that all EntryPoint 1.0 Contexts share an IPSK RADIUS client secret, which is managed within the Contexts -> Settings section.

RADIUS Access Restrictions

  • This section enables the configuration of access restrictions for RADIUS authentication.
  • A system message confirms that all EntryPoint 1.0 Contexts share IPSK RADIUS settings, which are also managed within the Contexts -> Settings section.

 

Group Management #
  • Admins can create and manage groups, assigning them specific names and descriptions.
  • Groups can be associated with multiple devices and users.
  • Each group has a dedicated Pre-Shared Key (PSK) that can be updated.
Devices Management #
  • Displays a list of registered devices, including details such as MAC address, IP address, last seen timestamp, and connection status.
  • Provides filtering options for searching devices based on MAC address, description, or group.
  • Shows network access points (APs) that devices are connected to.
  • Enables administrators to add new devices manually.
Self-Service Users #
  • Lists self-service users along with their associated registered devices.
  • Shows assigned permissions, including roles such as “Self-Service User Administrator” and “Pre-Shared Key (PSK) Administrator.”
  • Allows searching for users by email or group.
  • Provides an option to add new self-service users.
Group Settings #
  • Displays configuration options for managing iPSK groups.
  • Allows updating group names and descriptions.
  • Provides the ability to set and modify Pre-Shared Keys (PSKs) for group-based authentication.
  • Includes a warning that updating the PSK will impact a defined number of users and registered devices.
  • Supports the configuration of an SGT (Security Group Tag) Value, which may be used for network segmentation or policy enforcement.
Connection Instructions #
  • Provides step-by-step instructions for connecting to a specific SSID.
  • Specifies the PSK to be used based on whether a device is registered within the system.
  • Ensures clarity in authentication procedures for users attempting to connect to the network
Netgraph
Powered by  GDPR Cookie Compliance
Cookie Overview

What are cookies?

Cookies are small text files consisting of letters and numbers. These are sent from Netgraph Sverige AB or our partners' web servers and stored on your device (for example, computer or mobile). They can be stored in two different ways.

Session cookies are temporary cookies that disappear when you close your browser or app.
Persistent cookies are cookies that remain on your computer until you delete them or until they expire.

Different types of cookies

Both our website and others, such as Facebook or Google, may place cookies on your computer when you visit this website. Cookies from the website you are visiting are called first-party cookies and cookies from other websites are called third-party cookies.

Other files, similar to cookies, are web beacons and similar technologies. Web beacons are small transparent graphic images that may be contained in emails we send to you.

Why do we use cookies?

We use cookies to make your visit to our website as enjoyable as possible, and to improve it even more. However, we do not store IP numbers or similar personal data about you.

Functionality cookies improve your experience

We store cookies about the pages you have visited to make your experience on our website as smooth as possible. For example, we can prevent you from seeing a pop-up window more than once.

Analytics cookies help us to make our website better

We use cookies to collect aggregate analytical information about how you use the site, such as statistics on our most popular pages. With the information we get, we can improve our web and our offers.

Deleting cookies

Your browser or device usually allows you to set which cookies can be stored on your computer. For example, you can choose to block all cookies, only accept cookies from the website you are visiting or delete all cookies when you close your browser. Look under Settings.

Questions?

Do you have any questions about how we use cookies? You can always reach Netgraph Sverige AB's data protection officer at info@netgraph.se

This information was updated on August 26, 2024.