Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Enable Passpoint on Your WLAN

SUMMARY Follow this procedure to integrate Juniper Mist™ with Passpoint for secure user authentication.

You can integrate Juniper Mist™ with Passpoint® (formerly called Hotspot 2.0), which allows automatic secured connections for mobile devices to support various use-cases, such as public guest networks, carrier Wi-Fi offload, Eduroam services and many more.


For more information about Passpoint, see information on the Wi-Fi Alliance site.

Juniper Mist provides templates for each operator and service provider, removing the complexity that was historically associated with Passpoint configuration. You need only to enable Passpoint on the WLAN and configure your RADIUS or RadSec authentication server according to the guidance from your Passpoint service provider.

To enable Passpoint on your WLAN:
  1. In the Juniper Mist portal, navigate to the WLAN or create one.

    For help, see Configure a WLAN Template or Adding a WLAN.

  2. In the Security section, select WPA3 or WPA2
  3. Select Enterprise (802.1X).
  4. In the Passpoint section, select Enabled and then click + to select your Operators (service providers).
    Enabling Passpoint and Selecting Operators
    Selecting an operator loads the 802.11u settings that are required by the service provider.
  5. (Optional) Enter a Venue Name.

    The access point (AP) uses this value to advertise the location. Leave this field blank, the AP will advertise the site name as the venue.

  6. (Optional) Click Advanced Settings to customize your settings.

    Enter the following values:

    • Domain Name—Identifies the realm of administrative authority

    • Roaming Consortium ID—Used for Wi-Fi Hotspot 2.0 negotiation

    • NAI Realm (Network Access Identifier)—Used for Wi-Fi Hotspot 2.0 negotiation.


    Configuring the Advanced Settings will override parameters that are inherited from the high-level operator template.

  7. In the Authentication Servers section, click Add Server, select the server type (RADIUS or RadSec), then enter the information, and click the checkmark to save the settings.

    Consult with your Passpoint service provider to ensure that you configure the correct RADIUS or RadSec settings.

  8. Save the WLAN settings.

    If the WLAN is in a WLAN template, ensure that you've applied the template to the desired site(s).

  9. If you are using RadSec, manage your certificates as follows:
    1. To obtain your Mist certificate, go to Organization > Admin > Settings. You'll find the certificate under Mist Certificate.

    2. Obtain the RadSec certificate from your RadSec server provider.

    3. Obtain the AP certificate from your Passpoint Provider or Authentication Broker.

    4. To add your certificates to Mist, again go to Organization > Admin > Settings. You'll add your certificates under RadSec Certificates and AP RadSec Certificate.

    Certificate Management Options on the Organization Settings Page