RADIUS Authentication with Google Apps
If you want to manage your wireless users using Google Apps account, you can enable remote synchronization with your Google Apps account for users in specific groups and organizational units.
How to enable Synchronization
- Log in to the Console
- From the menu, go to Users -> Connectors -> New Connector
- Fill in Name, select Google Apps as Database Type
- Type your domain without the http: or www
- Select Authentication Source:
- Google will forward authentication requests to Google servers for verification
- Local will verify provided credentials locally – Cleartext-Password attribute, etc.
- Configure your Google Apps account to allow API access by clicking the link below – Enable API access.
- Click to Authorize, and you will receive a unique authorization code. This is normal.
9. Click Continue
10. In the Select Group for Import window, select the Organizational Unit or Group that you want to import
Every imported user will have a random password generated. Please do not delete these generated passwords. They can be used for authentication if there is some problem with your Google Apps account and deleting the generated password will disable user’s ability to authenticate.
You have multiple options on how to authenticate your imported users:
Option 1: Authentication using generated password – PEAP
During the initial synchronization, a random password is generated for every imported user. Use CSV export function to export list of passwords and provide these passwords to your users.
Option 2: Authentication using certificate – TLS
You can manually create a client certificate for each user and distribute these certificates to your users. Users will be able to authenticate to your network using these certificate.
Option 3: Authentication using existing Google account password – TTLS + PAP
If your users want to authenticate using their existing Google passwords, enable IMAP access and enable Access for less secure apps for your Google Apps account. IronWifi uses IMAP with SSL for secure authentication using Google.
You can test your Google Apps account settings by downloading some IMAP client, Opera Mail for example, and configuring it to fetch emails using IMAP with SSL. If it works, your account is ready to be used for WiFi authentication.
12. Configuring Client Devices
a. The easiest method is to use our profile generator tool since as you will see from the below instructions that Windows makes this setup a very cumbersome task
b. If you prefer to do it manually Follow system specific instructions on how to configure your clients:
13. 2-Factor Authentication
If your users have 2-Step Verification enabled in their Google account, you can let them authenticate to network with their username (email address) and App password. To generate application specific password, do the following:
- go to https://security.google.com/settings/security/apppasswords?pli=1
- select Mail, select your device, and click GENERATE
- a new app password will be generated and displayed. This password can be used for authentication to your WiFi network.