Juniper Mist provides a cloud-managed Wi-Fi solution that includes advanced features like AI-driven automation, location-based services, and guest networking. The Guest Authentication process in Juniper Mist typically involves several steps to ensure that visitors can securely connect to the network. Here's an overview of how the Guest Authentication process generally works within a Juniper Mist environment:
1. Guest Portal Setup
- Create Guest Network: In the Mist dashboard, you first define the guest network (SSID) that will be used by visitors. This network can be isolated from the main corporate network to ensure security.
- Customizing the Guest Portal: You can customize the guest login portal to match your company’s branding. This portal can provide different authentication methods (e.g., login with a voucher, social login, or email-based authentication).
2. Authentication Methods
Juniper Mist supports several authentication methods for guest users:
-
Self-Registration: Guests can self-register through the captive portal by entering their details such as email, mobile number, or other forms of identification. After registration, they receive access credentials (like a username/password or a QR code).
-
Voucher-based Authentication: Administrators can generate one-time-use vouchers that grant internet access. These vouchers are typically used for temporary access and are often distributed manually or sent via email.
-
Social Login: Guests can log in using social media accounts (e.g., Facebook, Google, etc.). This is a simple and often faster method for guest access, reducing friction for users while still ensuring authentication.
-
Email-based Authentication: Guests enter their email addresses on the captive portal. They may receive a confirmation email with a link to authenticate, providing easy access without needing to remember a username or password.
-
Pre-Authenticated Access: In some cases, organizations might provide access to specific guests ahead of time through email links or vouchers that are pre-configured.
3. Access Control & Policies
Once the guest user authenticates via one of the methods above, the system applies the appropriate access policies:
- Role-based Access Control (RBAC): The Mist platform uses RBAC to ensure that guest users have appropriate access to resources. For example, a guest might only have internet access but not access to internal network resources.
- Bandwidth Control: Limits can be set on the amount of bandwidth a guest can consume.
- Time-based Access: Access can be time-limited, either to a specific duration or until a set time (e.g., access valid for 24 hours).
- Traffic Isolation: Guest traffic is typically isolated from internal network traffic for security purposes.
4. User Experience
- Captive Portal: When guests connect to the guest SSID, they are redirected to a captive portal page, where they will be asked to authenticate based on the chosen method (email, social login, etc.).
- Redirect After Authentication: After successfully authenticating, users are either granted immediate access to the internet or redirected to a specified landing page (e.g., a welcome page or terms and conditions).
5. Monitoring & Reporting
- Session Monitoring: Once the guest is authenticated and connected, administrators can monitor their session in real time. The Mist platform provides visibility into user activity, including connection status, data usage, and session duration.
- Analytics: Mist’s AI engine can also provide insights into guest usage patterns, such as the number of guests connected, peak usage times, and performance metrics.
6. Integration with Third-party Systems (Optional)
Mist allows integration with external systems like external RADIUS servers, cloud-based identity management platforms, or external authentication databases if more complex or custom authentication workflows are required.
7. Security Considerations
- Guest Network Isolation: To prevent guests from accessing corporate resources, the guest network is isolated from internal corporate VLANs and networks.
- Encryption: The guest Wi-Fi traffic is encrypted using WPA2 or WPA3 security protocols.
- Web Filter: Optional URL filtering or content filtering policies can be applied to ensure that guests don’t access inappropriate websites.
8. Post-Authentication Experience
After successful authentication:
- Access is granted based on predefined access control policies.
- Administrators can choose to log or track guest user activity for audit and compliance purposes.