We changed onboarding tools for non-AD devices to SecureW2 last September and 
have been more than happy with their service & support.

They tend to officially support OS versions before official release, which can 
be useful in a Higher-Ed environment.

Bruce Osborne
Liberty University

-----Original Message-----
From: Norman Elton [mailto:[email protected]] 
Sent: Tuesday, August 7, 2018 3:25 PM
Subject: Onboarding Android devices

We've got an encrypted network with the classic PEAP + MSCHAPv2 combo, allowing 
users to connect with their domain credentials. We've shied away from 
onboarding tools like SecureW2, especially for student devices, as they seem 
more cumbersome than just having the user configure the connection properly the 
first time.

Preparing for the fall, we've noticed that recent versions of Android make the 
process a little more cumbersome. It appears that 8.1 & 9.0 allow the user to 
validate the certificate by domain, which is great.
Although the steps to get this set up are far from intuitive.

8.0 doesn't give that option, instead displaying a scary warning, "This 
connection will not be secure". The user is forced to go ahead with "do not 
validate certificate", leaving them open to leak their credentials to a rogue 
AP. Far from ideal.

Theoretically, we could ask the user to trust the CA certificate in advance, 
and (hopefully) the warning message would go away. But I haven't gotten this to 
work.

Is there a general consensus that these devices are better served with an 
onboarding tool that can accommodate the various flavors of Android? Or is 
there a recipe for a user to set up 802.1X securely (with some sort of 
certificate validation) on Android devices pre-8.1?

Thanks,

Norman Elton

**********
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.
