Captive Portals
      Back to home
      1. Help Center
      2. Captive Portals

      Authentication Providers

      Description of each authentication provider IronWiFi provides

      Authentication Providers define how users are allowed to authenticate on a Splash page.

      Users will be allowed to use any available authentication method, and the Report will contain information about the authentication provider.

      Add a New Authentication Provider

      When your first create a Captive Portal, you do not have any Authentication Providers defined. To add an Authentication Provider, click the “Add New” button at the top of the section. When you finish entering information, click the blue "Add Provider" button at the bottom of the Authentication Providers window.

      IronWiFi currently supports 11 methods on how to authenticate users via a Splash page:

      • Anonymous Access
      • Social Login - OAuth 2.0
      • SAML 2.0 - Single Sign-On
      • Paid Access
      • Voucher Code
      • Guest Access
      • Self Registration
      • Local Account
      • REST API
      • Sponsored Access
      • SMS One Time Password

      Anonymous Access

      This provider creates a simple Click to Connect button and does not require the user to enter any additional information. It can be used to accept the Terms of Usage.

      INPUTS:

      tos Accepted Terms of Service

      TARGET METHOD and URL:

      POST to https://splash.ironwifi.com/api/signin/anonymousreg

      Demo

      Social Login - OAuth 2.0

      It allows the user to sign in with their Social Network account. Supported providers include:

      • Google Apps
      • Facebook
      • Linked In
      • Twitter
      • Instagram

      Client ID - IronWiFi by default, uses its own Social Login application when requesting access to the user's social profile. If you create your app with supported Social Login providers, you can enter here your application's Client ID number, and your users will approve access to your use, instead of IronWiFi.

      Client Secret - password linked to the Client ID. You will get this from your OAuth 2.0 provider after you create a new Custom Application with them.

      Demo

      SAML 2.0 Single Sign-On

      Allows using existing SAML Identity Provider (IdP) to sign in with existing credentials. SAML IdPs confirmed to work with our platform are Google AppsOktaPing Identity, and Active Directory Federation Services

      SSO URL - Single Sign-On URL provided by your SAML Identity Provider

      IDP Entity ID - Entity identifier provided by your SAML Identity Provider

      Certificate - public certificate in PEM format provided by SAML Identity Provider. We use this certificate to verify the SAML message signature.

      TARGET METHOD and URL:

      POST to https://splash.ironwifi.com/api/signin/saml2

      DEMO

      Paid Access

      Allows integration with external transaction processing to sell internet access. Available Paid plans are defined in the Hotspot Paid Plans section.

      Transaction Processor - external credit card processor used to process payments from visitors. Currently supported is Stripe. Any collected payments will go directly to your Stripe account, and IronWiFi now does not charge any extra processing fees.

      Secret Key - authorization token that was provided by your Transaction Processor.

      INPUTS:

      email [Required] Visitor's email address

      card_number [Required] Credit card number

      exp_year [Required] Credit card expiration year

      exp_month [Required] Credit card expiration month

      cvc [Required] Credit card security verification number

      name [Optional] Cardholder name

      address_line1 [Optional] Billing address line 1

      address_line2 [Optional] Billing address line 2

      address_city [Optional] Billing address city

      address_state [Optional] Billing address state

      address_zip [Optional] Billing ZIP code as a string (e.g., "94301")

      address_country [Optional] Billing address country

      plan_quantity [Required] Number of units of selected plan

      selected_plan [Required] ID of the selected plan

      TARGET METHOD and URL:

      POST to https://splash.ironwifi.com/api/signin/hotspot

      DEMO

      Voucher Code

      It allows visitors to sign in with pre-generated voucher codes. These codes can be created manually on the Users page (voucher = user with the same username as password), or you can use our Voucher Generator to generate a set of voucher codes.

      INPUTS:

      voucher_code [Required] Contains voucher code for validation

      email [Optional] Visitors email address

      phone_number [Optional]

      firstname [Optional]

      lastname [Optional]

      fullname [Optional]

      opt_in [Optional] - Visitors want's to join the mailing list

       

      TARGET METHOD and URL:

      POST to https://splash.ironwifi.com/api/signin/voucher

      DEMO

      Guest Access

      This method allows you to collect additional information from your Guests. Examples of collected data are full name, phone number, and email address.

      INPUTS:

      fullname Contains guest's full name

      firstname Contains guest's first name

      lastname Contains guest's last name

      phone Contains guest's phone number

      email Contains guest's email address

      TARGET METHOD and URL:

      POST to https://splash.ironwifi.com/api/signin/guestselfregister

      DEMO

      Self Registration

      It allows the creation of permanent user accounts that can be used to sign on to the Splash page. Usually, customers use this method in combination with the "Local Account" authentication provider method.

      INPUTS:

      username [Required] Contains user's username

      password [Required] Contains user's password in clear-text

      fullname Contains user's full name

      firstname Contains user's first name

      lastname Contains user's last name

      phone Contains user's phone number

      email Contains user's email address

      TARGET METHOD and URL:

      POST to https://splash.ironwifi.com/api/signin/selfregister

      DEMO

      Local Account

      This method requires your users to sign in with an existing account.

      INPUTS:

      username [Required] Contains username for validation

      password [Required] Contains password in clear-text for verification

      TARGET METHOD and URL:

      POST to https://splash.ironwifi.com/api/signin/localaccount

      DEMO

      REST API

      The external web server is used to verify the provided information. JSON data will be forwarded to the external API endpoint using the POST request method. This request will contain all information submitted by the user, and also parameters from the original request URL. Our communication is authorized using a secret Bearer authentication token.

      Users will be authorized if a web server returns a correct response with an HTTP status code value between 200 and 299. If the status code is higher than 299, we decline the access request.

      API endpoint - web server URL that should receive an authentication request

      API token - bearer token, if defined, this authentication token will be included with all requests sent to the external web server

      INPUTS:

      We POST all input fields to the external web server. These may include username, password, voucher, email, etc.

      TARGET METHOD and URL:

      POST to https://splash.ironwifi.com/api/signin/rest

      DEMO

      Response Status Codes:

      2** – return status code indicates success, and the sample body provides user attributes, and access will be approved

      HTTP/1.1 200 OK
      {“valid_until”:”2017/01/10 01:59:59 +0000″,”valid_from”:”2017/01/09 02:03:52 +0000″,”nt_key”:”abcd12345″,”membership_id”:”`123456″,”membership”:{“name”:”John Sample”,”id”:”12345678″},”id”:”123456789abcdef”}

      4** – return status code indicates failure and body provides an error message, and we reject the access request

      HTTP/1.1 422 Unprocessable Entity
      {“errors”:[“Email/login or password incorrect.”]}

      Sponsored Access

      The visitor will be required to provide the necessary information, and we will send an Access-Request email for approval. The visitor will be authorized after the approver clicks the link contained in the delivered request. This email can be White labeled to match your design.

      Approver's email address - this is the email address where Access Request emails should be delivered. If not defined, a visitor can enter the email address of the visited person, and an email will be sent to this email address instead. For this to work, an input field with id "eaa_email" needs to be on the Splash page, and a user with the same username or email address has to exist in the IronWiFi account.

      Request expiration - access requests can have an expiration time. You can define the expiration period in minutes, or leave it blank if this request should not expire.

      INPUTS:

      fullname visitor's full name

      email - visitor's email address

      firstname - visitor's first name

      lastname - visitor's last name

      phone - visitor's phone number

      approver_email - Sponsor's email address, domain address, or leave empty. If you define an email address, we will send all requests to this email address. If you set a domain (e.g., @example.com), or multiple domains separated with commas, the guest will have to enter the email address that belongs to one of these domains (e.g., bill@example.com). If you leave this input field empty, the guest can enter any email address, but there has to be a valid user with the same email address defined in Console -> Users.

      TARGET METHOD and URL:

      POST to https://splash.ironwifi.com/api/signin/employeeauth

      DEMO

      SMS One Time Password

      We will send a temporary access code to the visitor's phone number. This code will have the format defined in the Guest Manager username section.

      SMS Gateway - select an external SMS gateway that should be used to send access codes to your visitors. Currently supported are Twilio and Clickatell

      Auth Token - authentication token used to access the services of an SMS gateway provider. Your SMS gateway provider issues this token.

      Sender's Phone Number - if supported and configured by your SMS gateway provider, outgoing text messages will appear to be coming from this phone number.

      Country Code - you can let your users enter the country code in the input field, or you can select a value that we will add to all phone numbers.

      SMS Body - defines the format of sent text messages. We will replace variable ${sms_code} with the generated access code.

      Code expiration in minutes - for security reasons, access codes have an expiration time. The default value is 10 minutes.

      Limit per phone number - within the "Code expiration in minutes" period, we will send maximum this number of text messages to a provided phone number.

      Limit per client - within the "Code expiration in minutes" period, we will send maximum this number of text messages from the same connected client device.

      INPUTS:

      Step 1:

      phone_number [Required] The user-friendly phone number that should receive the SMS code. If you don't specify a Country Code in Authentication Provider Settings, this number should include a country code.

      prefix We will prepend this country code to the phone number.

      Step 2:

      sms_code [Required] Contains SMS code for validation

      fullname - visitor's full name

      firstname - visitor's first name

      lastname - visitor's last name

      TARGET METHOD and URL:

      POST to https://splash.ironwifi.com/api/signin/smsreg

      DEMO