Personal WiFi Docs
  • Getting Started
  • WiFi Integration
    • Summary of supported WiFi vendors
      • Cisco Meraki
        • Meraki oAuth integration
      • Cisco Catalyst WLC (IOS-XE)
      • Cisco Meraki Easy PSK
      • Aruba - Unbound MPSK
      • Fortinet (FortiGate Secure Wireless Controller)
      • Extreme Networks
      • Ruckus SmartZone
      • Cambium cnMaestro
      • Juniper (Mist)
      • TP-Link Omada
      • Huawei - iMaster NCE-Campus
  • Service management
    • Dashboard
    • Managing Accounts
    • Groups
    • Managing Networks
      • Network Managers
    • Units
    • General options
      • Personal Area Networks (PAN)
      • Service Options
      • Organization details
    • Network Policies
    • WiFi Portal & Onboarding
      • Access Control options
      • WiFi Portal options
      • IoT Devices Authentication
      • WiFi Portal distribution
    • Visitors (beta)
    • Admins
      • Multi Organizations
    • Account settings
    • My Profile
    • Support platforms integrations
    • Service Monitoring and Assurance
      • Anomalies
      • Activity Logs
      • Network Health
  • Cloud Identity Platforms integrations
    • Coworking management platforms
      • Optix
      • Office RnD
      • Nexudus
      • Andcards
    • Property Management Systems
      • Oracle Opera Cloud
      • Mews
      • Cloudbeds
      • Apaleo
      • StarRez
    • Enterprise cloud IdPs
      • Microsoft Entra ID (SAML)
      • Microsoft Entra ID (oAuth)
      • Google Workspace (oAuth)
      • Shibboleth
      • Group mapping
    • Passwordless SSO
      • Custom HTTP Request
  • MSP Operations
    • MSP Dashboard
    • MSP Account settings
  • Add-ons
    • Billing
    • White label
    • Passpoint
    • SMS Services - via Twilio
  • APIs
    • Getting Started
    • Account management
  • PRODUCT
    • Coming soon...
      • Engenius Cloud
      • Zyxel Nebula (Pro)
    • Changelog
    • Datasheet
  • Solution guides
    • Student living
      • Sample FAQ: WiFi for the Resident Hall
    • BYOD
Powered by GitBook
On this page
  • Overview
  • Network setup
  • Onboarding
  • Service lifecycle management
  • Setup demo

Was this helpful?

  1. Solution guides

Student living

Overview

Campuses and universities are complex environments with a wide range of use cases to address. Cusna, with its PPSK-based connectivity approach, is the ideal solution for providing universal access to managed networks in both on-campus and off-campus living environments. Moreover, once a PPSK is assigned to students, it can also be used on networks beyond the residences and across the campus.

Network setup

The setup of the infrastructure depends significantly on the vendor chosen for the project and the number of end users it needs to support.

When using network-based PPSK technology (where PPSKs are deployed and managed within network elements), there are often limitations on the number of PPSKs that can be assigned per network segment (learn more).

For example, if the technology limits the number of PPSKs to 5,000 per network, and the campus serves more than 5,000 students, it may be necessary to segment the deployment into multiple networks, such as one network per dormitory or site. In this setup, each PPSK would function only within the network it was assigned to.

To allow students to connect to networks outside their assigned dormitory, they can be encouraged to download a Passpoint profile from their WiFi portal onto their portable devices.

Onboarding

Students can self-onboard through the WiFi Portal, which serves both as the initial onboarding platform and a hub for managing their service preferences.

The WiFi Portal URL can be shared in several ways, such as:

  • Including it in welcome emails and onboarding communications.

  • Publishing it in a documentation article on the university’s website or WiFi information page.

  • Incorporating it into onboarding materials distributed to students.

Onboarding flow with Google as IdP
Onboarding flow with Microsoft Entra

Service lifecycle management

Once students are activated, they can access the network with all their devices.

Most IdPs, particularly those relying on the SAML protocol (e.g., Shibboleth), do not provide information about when a user’s access should be terminated. In such cases, planning a de-onboarding strategy is essential.

Another strategy is to assign a generic expiration date to the group the students belong to. In this setup, all users in the group will have their accounts terminated on the configured date.

Setup demo

PreviousDatasheetNextSample FAQ: WiFi for the Resident Hall

Last updated 5 months ago

Was this helpful?

Once students access the portal, they can log in using their school credentials. Typically, external IdPs such as , , or Shibboleth are used for authentication. Administrators must configure the IdP integration in the Cusna dashboard, including setting options such as group mapping and filtering in the onboarding settings.

A common configuration in this scenario is enabling authentication via (using school credentials). The button label presented to students can be customized, for example, “Access with your school credentials.”

A passwordless login option allows students who have already onboarded to log in using just their email address. However, adding this option may create unnecessary complexity and confusion for students. Therefore, it is recommended to disable this feature in such cases ().

If they encounter issues connecting a device using PPSK, the option can be enabled. This allows students to enter their device’s MAC address for authorization via RADIUS. Administrators can assist students by adding and managing these devices through the Dashboard on the Account profile page.

A simple and effective approach is to enable an of service after a set number of days (e.g., every 90 days). Students are in advance and can easily renew their account by visiting the portal and logging in with SSO.

Microsoft Entra
Google
MAC bypass
automatic suspension
notified via email
IdP SSO
learn more