
How innovation enables seamless, secure enterprise Wi-Fi onboarding (Reader Forum)

As pandemic-related restrictions have ended in most parts of the world, customer-facing businesses have an excellent opportunity to gain new significance in the buying journey by modernizing Wi-Fi use to meet customers’ expectations. In this article, we look at how WBA OpenRoaming is redefining the overall experience by enabling seamless and secure Wi-Fi onboarding, while Passpoint technology is helping enterprise IT teams ease the onboarding process for customers, partners, and visitors.

Open for business again

As customers return to brick-and-mortar establishments, they have renewed expectations shaped by two years of online shopping. Since today’s in-location customers use mobile devices for myriad reasons (e.g., comparing prices, researching products, accessing social media), Wi-Fi technology plays an essential role in their experiences. In fact, 78% of retailers surveyed by Juniper agree connected retail customer experiences are important to organizational growth.[1]

Restaurants have gone through a rapid digital transformation following the pandemic and digital engagement is more important than ever. Fifty-six percent of customers say free Wi-Fi is the most important feature diners expect restaurants to offer, according to Hospitality Technology’s 2020 Customer Engagement Technology Study.

Travelers are also returning in droves. Various polls revealed that for 90% of hotel guests, Wi-Fi was their most sought-after amenity. The hospitality industry is thus keen to reduce friction given how important great Wi-Fi is to guests. Top brands such as Marriott, Hilton and Hyatt have recognized next-generation Wi-Fi as an investment that will keep guests coming back.

Tackling the onboarding process

Devices trying to connect to a Wi-Fi network go through a four-way handshake process. This process allows the router to confirm a customer’s Wi-Fi credentials, set up a secure communication channel and grant access to the network. However, this four-way handshake does not always happen without friction. The most common issues users face include MAC randomization issues, clumsy captive portal pages, needing or losing a password, not knowing which network to log in to, or requiring too many steps to get internet access. WBA OpenRoaming resolves the onboarding process elegantly and securely.

What is WBA OpenRoaming?

WBA OpenRoaming is an open industry standard promoted by the Wireless Broadband Alliance (WBA), which automates secure device onboarding and roaming between different Wi-Fi networks. The WBA brings together a federation of trusted identity providers that allow users to join any network managed by a federation member. The network can authenticate devices automatically by using established identity providers, such as a service provider, device manufacturer, cloud ID and loyalty memberships.

How does OpenRoaming work?

WBA OpenRoaming is based on Wi-Fi Alliance Certified Passpoint, an industrywide solution that streamlines Wi-Fi access and eliminates the need for users to find and authenticate a network each time they visit. While Passpoint focuses on local roaming and direct network partnerships, WBA OpenRoaming targets a broader geographic area. Instead of using local networks as an intermediary to reach the local RADIUS server, WBA OpenRoaming uses federated directories to allow trusted networks to authenticate users locally, and it deals with MAC randomization.

Overcoming MAC address randomization

Vendors are introducing MAC randomization in their operating systems, in which a device’s MAC address changes periodically, such as every 24 hours, or every time the device is disassociated from the Wi-Fi network. This protects users’ privacy, but it can cause problems for in-location services such as geolocation marketing or retail store customer flow analysis. WBA OpenRoaming solves MAC randomization by eliminating the need to use MAC addresses for the onboarding process and using Passpoint certificates instead.
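The effect described above, as an added example that is not code from the article or from the WBA: over constructed authentication records, keying on the MAC address miscounts a device whose address rotates, while keying on a credential-derived identity does not. The record layout and the `identity` field name are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed 802.1X authentication records (not real logs). "mac" is the
# address the access point saw; "identity" is a hypothetical stable
# identifier derived from the device's Passpoint credential.
AUTH_EVENTS = [
    {"day": 1, "mac": "3a:5f:12:9c:00:41", "identity": "cert:visitor-0017"},
    {"day": 2, "mac": "d6:01:7e:44:b2:9a", "identity": "cert:visitor-0017"},
    {"day": 3, "mac": "8e:c3:90:0b:5d:e2", "identity": "cert:visitor-0017"},
    {"day": 1, "mac": "00:1b:63:84:45:e6", "identity": "cert:visitor-0042"},
    {"day": 3, "mac": "00:1b:63:84:45:e6", "identity": "cert:visitor-0042"},
]


def is_randomized(mac: str) -> bool:
    """True when the locally administered bit (0x02 of octet 0) is set,
    which is how randomized (non-burned-in) MAC addresses are marked."""
    first_octet = int(mac.replace("-", ":").split(":")[0], 16)
    return bool(first_octet & 0x02)


def count_distinct(events, key: str) -> int:
    """Number of 'devices' seen when sessions are keyed on `key`."""
    return len({event[key] for event in events})


def returning(events, key: str) -> list:
    """Keys seen on more than one day, i.e. recognised repeat visitors."""
    days = defaultdict(set)
    for event in events:
        days[event[key]].add(event["day"])
    return sorted(k for k, seen in days.items() if len(seen) > 1)


def randomized_macs(events) -> list:
    """Distinct MAC addresses in the records that are randomized."""
    return sorted({e["mac"] for e in events if is_randomized(e["mac"])})


if __name__ == "__main__":
    print("devices by MAC:     ", count_distinct(AUTH_EVENTS, "mac"))
    print("devices by identity:", count_distinct(AUTH_EVENTS, "identity"))
    print("repeat by MAC:      ", returning(AUTH_EVENTS, "mac"))
    print("repeat by identity: ", returning(AUTH_EVENTS, "identity"))
    print("randomized MACs:    ", randomized_macs(AUTH_EVENTS))
```
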

Easy, yet more secure

WBA OpenRoaming simplifies the onboarding process without compromising security. It uses 802.1X for subscriber authentication. 802.1X is a network authentication protocol that opens ports for network access when an organization authenticates a user’s identity and authorizes them to access the network. A user’s identity is based on their credentials or certificate and is confirmed by the RADIUS server. WBA OpenRoaming uses one Extensible Authentication Protocol (EAP) method, EAP-TLS, which supports certificate-based authentication, the gold standard of authentication.

Driving better location-aware experiences

For the customer-facing business, a significant benefit of OpenRoaming is the increased Wi-Fi adoption rate. Thanks to the seamless and automatic Wi-Fi onboarding process, more customers access the Wi-Fi services and are willing to share their information, including email address, phone number and real-time on-premises actions (enter, dwell, exit). The result is actionable customer location data that cannot be purchased and is of excellent value for future marketing, sales and operations initiatives, such as loyalty programs and scan & go.

Businesses can onboard customers with a mobile app by requesting they add the company’s Wi-Fi network to their devices and automatically installing the Passpoint profile. Companies may also onboard customers without a mobile app by asking users to download the Passpoint profile from a web page they can reach through multiple channels (e.g., email, SMS, QR code, web banner, traditional captive portal).

Passpoint technology is not only used in public-facing locations but also in private enterprise networks where onboarding customers and visitors is not without friction.

Enterprise campus

The practice of bringing your own device (BYOD) has been around for years in office spaces and the shift to hybrid work around the world has accelerated the trend. However, staff and guests face several problems when connecting to traditional enterprise Wi-Fi, such as needing or losing a password, losing connectivity when logging back into a computer, or onboarding unsecured devices into the network, thus putting the enterprise network at risk. It can reflect poorly on a company’s image if it’s difficult for visiting customers or employees from other branches to connect to the office network.

The aforementioned onboarding issues can result in a great deal of time wasted — both by users trying to resolve the issues and the network managers and IT teams trying to help. Fortunately, Passpoint technology solves these onboarding issues. IT networking teams can select one or more onboarding channels to pre-register their visitors including:

  • Self-registered before the visit
  • Self-registered via captive portal
  • Self-registered via kiosk
  • Sponsored
  • Self-registered through existing visitors’ management systems

Once a user accesses a location’s Wi-Fi network, their Passpoint-enabled device will automatically connect upon subsequent visits. This eliminates the need for users to search for and choose a network, request Wi-Fi access, and re-enter authentication credentials each time they visit. The process dramatically frees up precious time and resources from IT support staff.

As demonstrated in this article, recent innovations are easing Wi-Fi onboarding and adding business value. Passpoint and WBA OpenRoaming standards enable new business models to become viable for companies, which helps transform Wi-Fi from cost to asset.


[1] Competing and Winning with New Customer Experiences, Juniper, 2021
