For years, wired and wireless connectivity has been pivotal in driving digital transformation. Wi-Fi standards have evolved to deliver faster performance, applications are now accessible from anywhere, and IoT devices are a way of life. However, despite these leaps, network authentication and provisioning mechanisms have evolved at a much slower pace.
This process often involves authenticating devices through Active Directory (AD), using complex third-party RADIUS servers to set up a variety of rules, and crossing fingers in the hope that everything works.
All of this requires manual intervention to onboard and decommission each device. If a user leaves an organization, someone must go into a directory and manually update the status of the user and their devices. These manual processes put a constant strain on IT resources, introduce opportunities for error, and slow down an organization’s ability to effectively secure its environment as workforce personnel and authorization privileges change.
The Change Starts with Simplification
Traditional networking often comes with complexities that are especially daunting for mid-market customers. These include managing added-on third-party RADIUS servers for authentication, integrating with LDAP databases, and handling certificate management. Such setups often require significant resources and IT expertise, making them less feasible for organizations with limited budgets and technical capabilities.
Because of the issues described, there’s a growing need for a simplified, user-friendly network access model and solutions that eliminate unnecessary complexity. To help, customers utilizing the Nile Access Service can leverage the tightly integrated Nile RADIUS Service to strengthen their security posture, while also simplifying the authentication process for IT administrators and the users connecting their devices.
A New Approach To Managing User and Device Connectivity
Nile has consistently led with the idea of modernizing legacy best practices, incorporating cutting-edge capabilities where possible. It is our belief that providing customers with the ability to easily adopt modern, cloud-based network authentication and authorization methods is a step forward. This includes the provisioning and deprovisioning of devices in an automated fashion.
In today’s digital world, we’ve evolved to offer users a better experience for connecting to applications through Single Sign-On (SSO). Access to their most used apps is simple and secure, without repeatedly entering credentials, thanks to integration with Identity Providers (IdP). What if you could offer the same level of simplicity and convenience for accessing the network? Why can’t a network behave like an app, accessible via SSO?
Well, it can. Similar to how users log into their cloud and SaaS applications using SSO and underlying protocols like SAML 2.0 and OIDC, Nile brings the same ease and security to the LAN by treating the network like an application. As the industry adopts autonomous networking capabilities, security mechanisms must evolve at a faster pace to keep up with changing user behavior and threats.
In addition to built-in single sign-on (SSO) support, Nile has added the ability to leverage SCIM (System for Cross-domain Identity Management) to allow for seamless provisioning and deprovisioning of users. Today, SCIM is supported by the majority of modern enterprise SaaS applications for automated user provisioning and deprovisioning, making it easy for organizations to adopt it as a means to automate who can connect to their networks. This ensures that when a user is deactivated in an IdP (identity provider), they are also instantly denied access to the network.
An added advantage is the ability to layer SCIM on top of RADIUS and EAP-TLS deployments. SCIM is used to control user identity status, while EAP-TLS handles the credential (certificate) side. If a certificate has not been revoked and has not expired, access could still be granted unless policy explicitly checks SCIM status.
It’s an easy-to-set-up and easy-to-use capability that ensures that if a user is no longer with the organization, that user is effectively denied access to the applications they were originally allowed to use. In our case, that application is the Nile network.
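The layering described above, SCIM status checked in addition to EAP-TLS certificate validity, can be sketched as follows. This is an added example, not Nile's code: the in-memory `USERS` store, the function names, and the idea that the identity comes from the client certificate are assumptions; the `active` attribute and the PatchOp message shape come from the SCIM 2.0 specifications (RFC 7643 and RFC 7644).

```python
from datetime import datetime, timezone

PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Constructed directory, keyed by SCIM userName; stands in for the copy of
# IdP state that SCIM provisioning keeps up to date.
USERS = {"alice@example.edu": {"userName": "alice@example.edu", "active": True}}


def _as_bool(value):
    # Tolerate clients that send the boolean as a string ("False").
    if isinstance(value, str):
        return value.strip().lower() == "true"
    return bool(value)


def apply_patch(user_name, patch):
    """Apply a SCIM PatchOp (RFC 7644) that replaces the 'active' attribute."""
    if PATCH_OP not in patch.get("schemas", []):
        raise ValueError("not a SCIM PatchOp message")
    user = USERS[user_name]
    for op in patch.get("Operations", []):
        if str(op.get("op", "")).lower() != "replace":
            continue
        value = op.get("value")
        if op.get("path") == "active":
            user["active"] = _as_bool(value)
        elif op.get("path") is None and isinstance(value, dict) and "active" in value:
            user["active"] = _as_bool(value["active"])
    return user


def authorize(cert_identity, not_after, revoked, now=None):
    """Access decision: the certificate must be good AND the user active."""
    now = now or datetime.now(timezone.utc)
    if revoked or not_after <= now:
        return "reject: certificate"
    user = USERS.get(cert_identity)
    if user is None or not user.get("active", False):
        return "reject: identity inactive"  # valid cert, deprovisioned user
    return "accept"


# Constructed deprovisioning message, as an IdP would send on deactivation.
DEACTIVATE = {"schemas": [PATCH_OP],
              "Operations": [{"op": "replace", "path": "active", "value": False}]}
```

After `apply_patch("alice@example.edu", DEACTIVATE)`, the same unexpired, unrevoked certificate is rejected, which is the gap that certificate checks alone leave open.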
Cloud-Ready Network Control for Enhanced Application and Network Security
Modern security features designed for IT efficiency, like SSO and SCIM integration, are included within the Nile Trust Service family of capabilities. They work hand-in-hand and allow organizations to eliminate managing on-premises NAC, third-party RADIUS server, and Active Directory complexity.
IT teams gain a solution that’s not only secure but also adheres to industry standards. By adopting protocols like SSO and SCIM, we’re paving the way for a future where network connectivity and authentication are as flexible and seamless as the cloud environments that most organizations operate in today.
Leveraging SSO for Network Access
Because SSO has become an integral part of modern applications, it also offers users the convenience of seamless network access without the hassle of multiple logins. Nile is pioneering the concept of applying the same Zero Trust principles to network access, focusing on simplicity and automation. With Nile’s solution, network access becomes as simple as accessing an app via SSO.
Different types of SSIDs (Open, PSK, uPSK, Guest) typically lack the authentication layer provided by RADIUS servers. By implementing SSO on top of these traditional SSIDs and extending it to wired networks, Nile will add a missing authentication layer throughout organizations to enhance security. Regardless of whether a user tries to connect to wired or Wi-Fi networks, if deactivated in the IdP, they will be denied access even if certificates are valid.
For added security, I’m recommending that our customers utilize the WPA3 OWE (Open) standard to encrypt the communication between each client and a Wi-Fi access point. WPA3 OWE and SSO provide greater protection even though no password is required to join the network. If interested in learning more, please reach out to me.
An Example Use Case and Implementation in Higher Ed
Student or employee self-registration demonstrates the effectiveness of Nile’s solution. End users can log in to MyNile, the Nile-provided self-registration portal, using SSO to create unique PSKs for their devices for campus use, and optionally onboard wired and wireless devices in their dorm room. This process, driven by automation, significantly reduces the burden on IT while maintaining robust security. Setting up these features is straightforward and can be accomplished with just a few clicks, unlike traditional networks where additional on-prem services have to be installed, configured, and maintained.
Conclusion
By treating network access similar to logging into an app, Nile eliminates the challenges of traditional methods, making network access more accessible and manageable for customers of any size. Emphasizing simplicity, automation, and Zero Trust, Nile’s innovative solution not only enhances security but also significantly reduces the IT burden, offering a seamless and user-friendly experience.
Nile is redefining how organizations think about identity, security, and access — merging SSO, SCIM, and zero trust into a seamless experience. If your network isn’t as easy to access as your favorite SaaS app, it’s time for a change.
Please feel free to reach out with any questions.