Enable Client Onboarding with a BYOD PSK Portal
Set up a client onboarding workflow for a Bring Your Own Device (BYOD) Preshared Key (PSK) Portal. These portals allow users to self-provision PSKs.
When everything is set up, the “workflow” for the BYOD PSK Portal will look like this:
Before You Begin
- Obtain and activate a Juniper Mist™ Access Assurance subscription. For information about subscription management, see the Juniper Mist Management Guide.
- In your Juniper Mist organization, configure at least one organization-level WLAN with Multi-PSK enabled (either local or cloud PSK options are fine). For help with WLAN configuration, see the Juniper Mist Wireless Assurance Configuration Guide.
- In your IdP admin console, configure a SAML 2.0 app integration. Your PSK portal will integrate with this application to enable Single Sign-On (SSO) access for your portal users. You can use a wide variety of IdPs (such as Okta and Microsoft Azure), as long as they support SAML 2.0. For help setting up a SAML 2.0 app integration, see your IdP documentation.
  Copy the following information from your SAML 2.0 app integration, and save it so that you can use it to set up your PSK portal in Juniper Mist.
  - Signing Algorithm
  - Issuer ID
    Note: Your IdP admin console might show a different name for the Issuer ID. For example:
    - In Okta, this value is called Identity Provider Issuer.
    - In Azure, it's called Azure AD Identifier.
  - SSO URL
    Note: Your IdP admin console might show a different name for the SSO URL. For example:
    - In Okta, this value is called Identity Provider Single Sign-On URL.
    - In Azure, it's called Login URL.
  - Certificate—Copy the full text of the certificate, from the BEGIN CERTIFICATE line through the END CERTIFICATE line.
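Many IdPs also offer the same values as a SAML 2.0 metadata XML download. The following added example (not part of the Juniper documentation) parses such a file, assumed to hold a single EntityDescriptor, and returns the Issuer ID, SSO URL and the certificate in full BEGIN CERTIFICATE through END CERTIFICATE form. The function name `portal_values` and all sample values are hypothetical, and the Signing Algorithm is not read here.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: placeholder issuer, URL and certificate bytes (not a real cert).
FAKE_DER = bytes(range(256)) * 3
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.com/issuer">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(FAKE_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://idp.example.com/sso/saml"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def portal_values(metadata_xml):
    """Extract Issuer ID, SSO URL(s) and PEM certificate from IdP metadata XML."""
    if "<!DOCTYPE" in metadata_xml:
        raise ValueError("metadata carries a DTD; refusing to parse")
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None or not root.get("entityID"):
        raise ValueError("expected one EntityDescriptor with an IDPSSODescriptor")
    urls = sorted({s.get("Location", "") for s in idp.findall("md:SingleSignOnService", NS)})
    if not urls or not all(u.startswith("https://") for u in urls):
        raise ValueError("SSO URL missing or not HTTPS")
    # Signing key: a KeyDescriptor marked use="signing" or with no use attribute.
    keys = [k for k in idp.findall("md:KeyDescriptor", NS) if k.get("use") in (None, "signing")]
    cert = keys[0].find(".//ds:X509Certificate", NS) if keys else None
    if cert is None or not (cert.text or "").strip():
        raise ValueError("no signing certificate in metadata")
    # Metadata stores bare base64; decode strictly, then re-wrap at 64 columns.
    der = base64.b64decode("".join(cert.text.split()), validate=True)
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return {
        "issuer_id": root.get("entityID"),
        "sso_urls": urls,  # distinct Location values across all listed bindings
        "certificate": f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n",
        "sha256": hashlib.sha256(der).hexdigest(),  # fingerprint of the decoded bytes
    }
```

If `sso_urls` holds more than one entry, the IdP publishes different endpoints per binding; use the one your IdP console shows as the SSO URL.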
To set up client onboarding with a BYOD PSK Portal: