By providing unified onboarding for a broad spectrum of devices, the XpressConnect family of products enables capabilities spanning numerous solution categories.

Automated Device Enablement

XpressConnect is the industry’s first comprehensive Automated Device Enablement (ADE) solution, combining broad onboarding capabilities and advanced certificate management to securely enable devices throughout and across enterprises.

The ADE approach to device enablement ensures the infrastructure-controlled security of devices through unique, standards-based device certificates rather than intrusive and support-intensive management agents. XpressConnect provides the industry’s first turnkey solution for enabling a broad spectrum of laptops, tablets, and phones for certificate-based network and data access.

BYOD Onboarding

XpressConnect provides automated, self-service onboarding for employees and others with personal devices (BYOD). Designed on the concept of least privilege, XpressConnect distinguishes personal devices from IT-owned assets and applies the appropriate policies. With support for automated configuration of certificates, Wi-Fi, email, and more, XpressConnect ensures personal devices are onboarded effortlessly and secured appropriately without intrusive management agents.

Certificate Management

The use of certificates has traditionally been hindered by the challenges of distributing certificates and the overhead of managing the lifecycle of certificates. XpressConnect solves both of these issues, providing a zero-touch approach to distributing and managing certificates.

XpressConnect is designed to distribute certificates for all types of end users. XpressConnect features the ability to distribute certificates in a self-service, automated manner from a variety of sources, including the onboard certificate infrastructure, Microsoft Certificate Services, or from third-party certificate authorities.

The onboard certificate infrastructure provides a simple-to-use, robust certificate system with complete flexibility and automation over all aspects of certificate management.

If you have Microsoft Certificate Services deployed, you may choose to have XpressConnect issue certificates from Microsoft CA for select use cases, such as IT-owned assets. Unlike systems that rely solely upon SCEP and Microsoft NDES, XpressConnect properly registers each certificate to the appropriate user in Active Directory, rather than SCEP_ADMIN, to ensure user management within Active Directory functions as expected.

Regardless of how you choose to mix-and-match certificate sources, XpressConnect makes certificate management intuitive, including:

  • Ensuring each device is issued the appropriate certificate.
  • Providing visibility into user, device, and policy information associated with each certificate.
  • Automatically managing the lifecycle and permissions based upon policies.
  • Providing automated notifications to users, administrators, and external systems regarding the issuance, revocation, and expiration of certificates.

Certificates for Chromebooks

Chromebooks are beloved for being simple and secure. With XpressConnect ES, you can now deploy the gold standard in security, certificates, to Chromebooks in an automated manner.

Whether issuing from an existing Microsoft CA or through XpressConnect’s built-in PKI, XpressConnect ES ensures every device receives the appropriate certificate without IT overhead. Once installed, the certificate is available for a wide array of uses, including certificate-based WiFi, web authentication, and more.

For managed Chromebooks, XpressConnect ES deploys both user and device certificates. Either way, the certificates are TPM-backed, meaning they are burned into hardware for maximum protection.

For unmanaged Chromebooks, XpressConnect ES provides self-service, automated installation of the certificate along with related services, such as WPA2-Enterprise WiFi using EAP-TLS.


XpressConnect combines the industry’s most flexible system for establishing identity along with the world’s most secure form of authentication. During enrollment, XpressConnect determines the user’s identity through a variety of mechanisms, including credentials, sponsorship vouchers, one-time-passwords, and more. XpressConnect then translates the identity into a secure certificate, unique to the device, which will be used for all future accesses. This eliminates the need to store and transmit enterprise credentials on personal devices, greatly reducing the opportunities for compromised enterprise credentials.

Guest Access

XpressConnect provides a complete guest access system to identify and onboard guests, contractors, partners, and other external users. XpressConnect provides a full range of options for establishing identity and privileges, including sponsorship, email, SMS, social media, custom OAuth, voucher codes, as well as click-to-join. With control over access privileges and length of access, XpressConnect ensures external users are identified and onboarded without the need for IT involvement.

Enterprise Roaming

XpressConnect provides industry-first support for certificate-based enterprise roaming, enabling contractors and partners to move between enterprises in a seamless, secure manner. With policies defined by IT and extended by business users, XpressConnect ensures secure access is extended to partners without the associated IT overhead and ongoing support costs.

Gaming Devices

Gaming devices, with a lack of WPA2-Enterprise support, provide unique challenges, particularly for universities. While Cloudpath continues to encourage and assist manufacturers with adding WPA2-Enterprise support, XpressConnect provides mechanisms today to help secure these devices through a combination of automated authorization and device registration.


XpressConnect delivers the key features of Mobile Device Management (MDM) without the need for intrusive and expensive MDM on-device agents. It does this by enabling certificate-based security which can be controlled from the infrastructure rather than via a management agent. XpressConnect provides the security and control the enterprise needs with a light-handed approach that reaches a broader spectrum of users.

First, XpressConnect automatically issues and installs a unique certificate, tied to policies based on user, device and intended use, on every device. The ability to use the certificate, along with the rights associated with the certificate, is tracked and controlled within XpressConnect. Next, XpressConnect provides automated configuration for specific uses of the unique certificate. Most commonly, this is configuration of the device for secure WPA2-Enterprise Wi-Fi access with the appropriate role, VLAN, or ACL assignment. Additionally, integration of the certificate with existing services, such as Active Sync, provides additional capabilities such as remote email wipe. Plus, with the ability to define multiple policies, XpressConnect provides a consistent onboarding approach for all types of users, including BYOD, partners, and guests.

The XpressConnect approach to MDM, which is based on enabling capabilities, is non-intrusive, does not prevent use of the device in multiple environments, and fits ideally with BYOD, partner, contractor, and guest use cases.

NAC – Posture

The posture component of network access control (NAC) ensures that devices comply with best practices, such as the use of firewalls and antivirus. XpressConnect embeds best practice compliance checks and automated resolution for a variety of operating systems into the onboarding process, ensuring every device complies with best practices before joining the secure network. Through both built-in functionality as well as integration with third party NAC agents, XpressConnect has an option for every environment and every use case.


XpressConnect contains an integrated, certificate-optimized RADIUS server, as well as support for external RADIUS servers, to simplify the definition and enforcement of RADIUS policies. During device enrollment, XpressConnect associates user, device, and policy information into a unified and optimized store, allowing policies such as VLAN, role, and ACL, to be applied easily and efficiently, reducing EAP timeout issues commonly plaguing RADIUS deployments. In addition, the certificate-based authentication enabled by XpressConnect provides unmatched options for secure site survivability in distributed environments.

Wi-Fi Onboarding for EAP-TLS

XpressConnect provides unmatched user and management simplicity for secure WPA2-Enterprise Wi-Fi using EAP-TLS. The days of using unencrypted Wi-Fi are over; XpressConnect makes extending secure Wi-Fi to all users simple. Whether a visitor with Internet-only access, or a contractor or BYOD user with limited internal access, XpressConnect ensures each device is onboarded in a self-service, automated manner with the appropriate policy and without the need for IT involvement.

Profiling, Visibility, & Reporting

Effectively running an enterprise network requires visibility into devices and control over their access. By tracking user, device, and policy information, XpressConnect provides rich visibility into the devices granted access to the network. Visibility is only the beginning; XpressConnect also provides control over each device’s access. Whether you need to drop a single device, block all devices for a user, or eliminate an entire policy class, XpressConnect makes it simple and keeps it all out-of-band.

To keep the enterprise informed on the utilization of the network, XpressConnect provides on-demand, scheduled, and API-based reports with information about users, devices, policies, certificates, and more.