Datasheet

Multi-vendor Cloud PPSK

Supports cloud PPSK lifecycle management across multiple WiFi vendors

• Cisco Meraki

• Extreme Networks

• Cambium cnMAestro

• TP-Link Omada (cloud or on prem)

• Huawei iMasterNCE Campus

• Junioper Mist

• Ruckus SmartZone

• Fortinet Fortigate

Delegation to local managers

Each Network can be assigned with a dedicated Admin with permission to manage Accounts

• Network Admins can manage one or multiple Networks

• Network can be geographically distribute and independent buildings or different area od the same Campus

Multi Admins and Roles

Each Org can have multiple Admins with multiple roles

• Org Admin with Owner role can create other Admins

• Org Admin with Owner role can transfer Ownership to another Admin

End-user identity management integrations

Integrations with multiple system of records where to verify identities of end-users to enable self-onboarding

• Google (oAuth)

• MS Entra (oAuth)

• SAML (Google, MS Entra, Okta, Auth0)

• Shibboleth

• Coworking management system integrations Optix, Office RnD, Nexudus, Adncards

• Entrata (coming soon)

• Custom HTTP RESt APIs to easily integrate and external system of records (even an google sheet or a custom DB)

Network Policies orchestration

Allows to define and orchestrate Network Policies on the network for supported vendors

• Initialize and mange Group Policies on Meraki and keep them in sync across all Networks deployed in he project

Dynamic PAN orchestration

Allows to automatically manage Personal area networks for Accounts

• Automatic PAN orchestration via VLANs or L3 segments (such as Meraki WPN or Extreme PCGs)

• Automatic orchestration provide multipel options:

  • assign unique PAN to each Account

  • assign PAN based on assigned Unit

  • assign PAN based on Account Group

• Option to free-up VLANs upon service termination for re-use by other Accounts

WiFi Portal

Self-service portal for users to manage their service

• Admins can define the content, logo, color, theme of the Portal and granularly enable/disable each capability

• See personal passphrase and network PPSK name

• Scan QR code for quick connection to the WiFi network

• Re-generate the passphrase (if enabled by Admins in the dashboard)

• See and edit personal profile and service details

• Delete their own account (compliance)

• Enable/disable dedicated passphrase for Guests (if enabled by Admins in the dashboard)

• Enroll personal devices into Passpoint (if enabled by Admins in the dashboard)

• Manually manage legacy devices by adding, removing editing individual MAC addresses

• Audit the list of devices used to connect

Guest access

Tenants can create a dedicated, temporary passphrase for guests

• Can be enabled/disabled by Admins

• Tenants can generate in one click a dedicated passphrase for guests that gets disabled automatically at the end of the day

Passphrase option

Manual definition of passphrase policies

• Length of the passphrase

• list o characters used to generate the passphrase

• By default, Cusna avoids characters that can be easily confused

Onboarding Portals

Customizable web portals for end-users self-onboarding

• Unique short URL and QR code for each Network

• Universal URL where users can pick their network

• Taxonomy, content, logo and theme customization at global scope and for each network

• Advanced custom CSS style override

• Simplified publishing of portals on SSIDs as captive portals for some vendors such as Meraki

Passwordless Identification and Onboarding option

Allows tenants to get onboarding and access their service portal without passwords

• Existing Accounts can simply enter with their email address and click a magic link sent to their email to access the portal

• Both in case of IdP integration and or email whitelist definition, also new users can follow the same process with magic link and they are prompted to a registration form on their first access

• Possibility to define a list of domains to allow users to self-onboard if they have an email address with such domains (require email verification with magic link)

Self-registration process

Tenants are prompted to a registration step on their first access

• Compliance acceptance on first access

• Customizable list of profile attributes (first, last name, email, phone, etc..) to be collected

• Option to enable phone verification via OTP sent via SMS (require setup of Twilio Verify integration)

• Option to let tenants select their Unit (only free Units listed)

• Forced paid plan enrollment during first access if enabled by Admins

Passpoint

Option to let tenants onboard their devices with Passpoint

• Admins can decide to enable Passpoint onboarding or not (requires a dedicated SSID)

• Devices connecting via Passpoint will be assigned to the Account PAN in the future but right now are on a generic guest network

Accounts management

Ability to visualize and manage individual accounts

• Account summary view with search, filtering and status insights and bulk export in Excel

• Account profile page, with possibility to edit passphrase, VLAN, Unit and personal data

• Print WiFi service card with PPSK and QR code

• Account activity history logs

• Account service suspension

• Accounts delete

• Bulk import of accounts from XLS

Accounts service lifecycle management

Service activation and termination can be manage manually or automatic

• Schedule activation in a future date

• Schedule automatic termination on a future date

• Activation and termination date can be inherited form eterna IdP/PMS in case of self-onboarding

• Option to force an automatic expiration after a configurable number of days

• Option to notify accounts in advance, a configurable number of days before the scheduled service termination

• Account welcome and confirmed activation emails, branded with colors and logo of the Organization

Multiple Accounts types

Ability to differentiate between Tenants (people), and Things

• Tenants: represent individuals, passphrase is automatically generated and Accounts have personal metadata (emails, name, etc..)

• Spaces: dedicated for common spaces such as meeting rooms. Passphrase do not expire and can be set manually.

  • Auto-rotation: option to automatically rotate Space passphrase daily

• IoT Groups: dedicated to devices, usually fixed device sin the venues, that need to be connected with individual or group-based passphrase that can be automatically generated or specified manually

• Visitors: temporary accounts that gets automatically disabled at the end of the day

Visitors Access

Allows Visitors to get onboarded with a temporary account

• Allow visitors to register on the Onboarding portal filling a form

• By default Visitors are terminated at the end of the same day

• Visitors can optionall request a service extention until a certain date, by specifying a reason and desired date

• Admins are notified via email and can approve or reject the extentions requests in the dashboard

Groups

Ability to organize Accounts in Groups for simplified provisioning of shared configurations and policies

• Network-specific or Org-level Groups

• Default Group VLAN shared across all Accounts (optional)

• Option to make Group members shared the same passphrase

• Group-level Network Policy assigned to all Group members

• Group-level service activation date to enable all group member in bulk in the future

• Group-level termination date to terminate the service of all group members in the future

• Group-mapping option allows to map Groups inherited by the third party connected IdP (e.g. Ms Entra) with Cusna Group

• Option to block access only to the users mapped in one of the defined groups

Units

Ability to manage the inventory of units/room in a building and assign network devices

• Manual or automatic pre-assignment of Unit-level VLANs to simplify configuration of switches

• Assign Access Points to a unit to automatically configure cable ports to be in the same PAN ans the wireless devices (for supported vendors)

• Granular assignment of individual Access Point ports to different Accounts in the same Unit (for supported vendors)

• Unit-specific onboarding portal URL that allows deploying QR codes in Unit for simplified onboarding

• Unit selection can be enabled in the user registration form during initial onboarding

Observability and accountability

Ability to track the clients used by each account over time

• Tracking of all clients used by each Account to connect to the WiFi network (supported vendors only)

• Ability to manually block/allow specific Clients (supported vendors only)

• List is visible to both Admins in the dashboard and Tenants in the WiFi Portal

Legacy devices support

Onboarding and authentication of legacy devices via MAB

• Tenants can manually add/remove and mange personal legacy devices in the WIFI portal by specifying their MAC address

• Devices are authorized via MAC authentication and force in the same PAN as the client connected via PSK

• Can be use for both wired and wireless clients (required a dedicated SSID with MAB configured)

Support platforms integration

Ability to integrate the existing company support system in the WiFi Portal

• WiFi Portal can show a widget or links to the existing support channels

• Drift, FreshWorks (and anything on demand)

Native service billing

Allows to collect service fees directly form tenants

• Simplify company billing system setup via Stripe Connect

• Ability to create multiple service Plans with different network policies (bandwidth)

• Manual assignment of Plans to Accounts to force Accounts to select among available plans during onboarding

• Tenants can change plan, change payment details, consult payment history and see upcoming bills in their WiFi portal

• Admins can see billing details for each Account in the dashboard

Compliance

Set of capability for security and compliance

• Orgs must configure their own Privacy Policy and (optionally) terms of service that are presented to end user during onboarding

• Customizable Retention policy allows to automatically delete PII based on customizable timing

• Admin can enable 2-factor authentication to access the dashboard

• Complex password policies are enforced by default

Monitoring and assurance

Set of capability to help monitor and troubleshoot the service

• Admins can subscribe to receive email notifications about all anomaly events

• Anomaly dashboard shows all issue and anomalies

• Network status widget (for supported vendors) reports the status of the APs used int eh deployed networks and provide a list of all APs with related status and notes

Account administration

Enterprise grade account management

• Custom email sender for all service-related email communication

• Activity logs allows to audit the history of all operations occurred, from Account service lifecycle to setting changes

• Simplified Password changes in the dashboard for admins

• Option to force password reset option for Admins

• Ability to reset the workspaces to start fresh with new vendor integration

• Ability do terminate and delete account

• Intuitive dashboard with summary fo the service status, report of main KPIs

  • Widget reporting daily active clients connected on the deployed networks

  • Monitoring of current Monthly Active Accounts (MAA)

APIs

Offer the ability to integrate with external provisioning systems

• Accounts management APIs (create, edit, delete, activate, suspend)

Managing Organizations

MSPs have a dedicated dashboard where they can provision and manage their customers

• Create new Organization

• List of managed Organizations with summary of most important information

• Click to login in each Organization account with MSP-level permissions

• Granular control on enabled features and capabilities on each Organization

• Ability to permanently delete Organizations

Licensing

MSPs pay for what they consume across all Organizations based on Monthly Active Accounts

• Ability to set the Maximum MAA on each Organization to control costs

• License dashboard with license control

  • Current month MAA and Overages

  • Current and history of MAA Subscription

  • Report of MAA per each managed Organization per each Month of the last 12 months

• Ability to order MAA Allowance subscriptions to reduce Overage MAAs and save on costs

Service assurance

MSP can easily monitor issues and anomalies occurring across all their managed organizations

• Dashboard with the list of active anomalies across all Organizations, with multiple filters

• Option to receive Anomalies notifications in real time via email for all Admins

Account Administrations

MSPs can have multiple Admins with different roles

• MSP Admin with Owner role can:

  • create and edit other Admins

  • assign generic permissions or add the permissions to buy MAA Subscriptions and to activate new Organizations

  • transfer ownership to another Admin

MSP settings and control

MSPs can configure generic options that are imposed on all managed organizations

• Ability to filter the list of WiFi vendors that are available to managed organizations

• Custom support URL that overrides the default one in all Organization's dashboard

• Default privacy policy and terms of use that are configured as default one for all managed orgs

• Logo and access colors that are initialized as default ones for all new Organizations