The Challenge
Meridian Financial Services is a mid-market financial advisory firm with 47 offices and 3,200 employees across the United States. As a regulated financial services company, network security is not optional - it is a compliance requirement that directly impacts their ability to operate.
For years, the firm relied on a self-managed FreeRADIUS deployment for WiFi authentication. What started as a cost-saving decision had become a significant liability. The FreeRADIUS servers required constant maintenance, and the lone engineer who understood the configuration had become a single point of failure. When his on-call phone rang at 2 AM because an expired certificate took down WiFi at a branch office, the total cost of "free" became clear.
The breaking point came during a SOC 2 compliance audit. The auditors flagged several findings related to the RADIUS infrastructure: inconsistent certificate management, no centralized logging, and insufficient access controls. The remediation plan for the existing system was estimated at 6 months of work and $80,000 in consulting fees - more than the cost of replacing it entirely.
- Aging FreeRADIUS deployment requiring specialized knowledge to maintain
- Expired certificates caused WiFi outages across branch offices
- SOC 2 audit flagged compliance gaps in RADIUS infrastructure
- $40,000 per year in maintenance costs (staff time, server hosting, consulting)
- Single point of failure - one engineer understood the configuration
- No centralized logging or monitoring across 47 offices
- Employees traveling between offices had to re-authenticate at each location
The Solution
Meridian Financial migrated to IronWiFi's cloud RADIUS platform with Azure AD (Entra ID) integration and certificate-based authentication. The migration was designed as a phased rollout to ensure zero disruption to business operations - a non-negotiable requirement for a financial services firm.
The Azure AD integration meant that employee onboarding and offboarding automatically synced with WiFi access. When HR deactivated an employee's account, their WiFi certificates were revoked within minutes - a critical security requirement for a firm handling sensitive financial data. IronWiFi's managed certificate lifecycle eliminated the expired certificate problem entirely.
OpenRoaming was deployed to solve the cross-office roaming challenge. Employees now connect automatically when they visit any of the 47 offices - no re-authentication, no help desk calls, no friction. The same OpenRoaming profile also provides seamless connectivity at airports, hotels, and conference venues that participate in the WBA OpenRoaming federation.
- Cloud RADIUS with Azure AD (Entra ID) integration for identity management
- Certificate-based authentication with automated lifecycle management
- OpenRoaming for seamless cross-office connectivity
- Centralized logging and monitoring dashboard for all 47 offices
- Automated certificate renewal - no manual intervention needed
- Phased migration approach: 5-6 offices per week over 8 weeks
"We were spending $40,000 a year keeping FreeRADIUS alive, and it was still causing outages. IronWiFi costs us a fraction of that, and we haven't had a single certificate-related incident since we migrated. The SOC 2 auditors were actually impressed with our new setup - that's a first for WiFi infrastructure."- Sarah Kim, Network Security Manager, Meridian Financial Services
The Results
The migration delivered measurable results across cost, reliability, compliance, and user experience. The financial case was straightforward: IronWiFi replaced a $40,000/year maintenance burden with a predictable subscription that costs significantly less, while simultaneously eliminating the hidden costs of outages and emergency consulting.
Certificate-related outages - which had averaged one per quarter - dropped to zero. The automated certificate lifecycle management means certificates are renewed before they expire, and the centralized dashboard provides real-time visibility into certificate status across every office.
The SOC 2 compliance story flipped completely. What had been a source of audit findings became a strength. The centralized logging, automated access controls tied to Azure AD, and documented certificate management processes satisfied every auditor requirement. The compliance team now points to the RADIUS infrastructure as an example of how security should be managed.
For employees, the most visible improvement is OpenRoaming. Traveling between offices used to mean calling the local IT contact for WiFi credentials. Now devices connect automatically the moment employees walk through the door - at any of the 47 offices, and at thousands of OpenRoaming-enabled venues worldwide.
Timeline
The full migration was completed in 8 weeks using a phased rollout approach. The first 2 weeks were spent on Azure AD integration, certificate authority setup, and pilot testing at 3 offices. Weeks 3-7 covered the production rollout at 5-6 offices per week, with each office cutover taking approximately 2 hours during off-peak hours. Week 8 was devoted to decommissioning the FreeRADIUS servers and finalizing documentation. The entire migration was completed with zero downtime - offices ran both systems in parallel during the transition window.