EAP-TLS, utilizing client certificates rather than passwords, is the most secure form of 802.1X authentication.
The classic issue with EAP-TLS, which led to the development of PEAP and TTLS, is that it requires a client
certificate on every machine. This used to be a management nightmare, but now XpressConnect automates
the client certificate process for a wide array of managed and unmanaged device types.
XpressConnect has the ability to interact with your Certificate Authority (CA) server to authenticate
the user (and/or device) and retrieve a client certificate. Whether you use Microsoft CA or a home-grown CA,
XpressConnect provides a drop-in vehicle for extending EAP-TLS to Windows, Mac, Ubuntu, iOS, and Android devices.
During the client certificate generation process, the client's private key never leaves the device, maximizing the
security of the certificate. During the issuing process, XpressConnect can provide extensive device and user-related information upon which
the CA may decide to issue a certificate or deny the request. Once a certificate is issued, XpressConnect
will automatically install it and configure the WPA2-Enterprise SSID to utilize it.
As always, XpressConnect allows you to mix and match your configurations to match your policies. Whether
EAP-TLS is deployed as the only access mechanism or as an option alongside PEAP or TTLS, XpressConnect
will ensure the device is successfully connected to the secure wireless network in a simple and fool-proof manner.
If you believe EAP-TLS is inherently difficult, request a demo and we will
show you how simple EAP-TLS can be.
Key Features for EAP-TLS Environments Include:
Support for most common laptop, phone, and tablet devices.
Support for Microsoft 2003 CA Server, Microsoft 2008 CA Server, as well as home-grown CA servers.
Enable advanced policies, including treating IT-issued devices differently than non-IT-issued devices.
Self-service or IT-driven options.
Provide predictable, fool-proof assistance during the initial on-ramping as well as any time that wireless does not behave as expected.