Juniper Mist Access Assurance

The Juniper Mist Access Assurance cloud service provides secure wired and wireless network access control based on user and device identities. The service enforces Zero-Trust network access policies for guest, IoT, BYOD, and corporate devices. Cloud-hosted, microservices-based authentication simplifies IT operations by delivering a full suite of access controls within a flexible yet simple authorization policy framework. With integrations for a range of endpoint management solutions, Access Assurance can assess user and device posture, verify eduroam credentials, and validate other identity provider (IdP) credentials to control network access.

Access Assurance includes Juniper Mist IoT Assurance capabilities as part of a single subscription offering. IOT Assurance simplifies the onboarding of headless IoT and BYOD devices via a Multiple Pre-Shared Key (MPSK) mechanism. This leverages MPSK or Private Pre-Shared Key (PPSK) as  identity and policy vectors.

Key Features

  • Client-first experience
  • Granular identity fingerprinting
  • Network policy enforcement 
  • High availability and geo-affinity
  • Single-pane-of-glass management 
  • Automatic software updates
  • API-driven architecture

Features + Benefits

Client-first experience

Access Assurance provides a holistic, unified view of the client connectivity experience and can easily identify a problem and perform root-cause analysis. All client events, including connection and authentication successes and failures, are captured by the Juniper Mist cloud, simplifying day-to-day operations and quickly identifying end user connectivity issues.

Granular identity fingerprinting

Access Assurance provides identity fingerprinting based on X.509 certificate attributes. It also uses IdP information, such as group membership, user account state, mobile device management (MDM), unified endpoint management (UEM) compliance and posture state, client lists, and user location, for more granular fingerprinting.

Network policy enforcement

Based on user and device identity, Access Assurance can instruct the network to assign users specific roles and group them into network segments using VLAN or Group-Based Policy (GBP) technology. The service can then enforce network policies associated with each segment.

High availability and geo-affinity

With Access Assurance, organizations gain reliable, low-latency network access control whether they need to cover a single location or a multisite deployment. Juniper has deployed cloud instances of Access Assurance in multiple regional locations to direct authentication traffic to the nearest instance for optimal response times.

Cloud-native platform

Leveraging the Juniper Mist cloud-native, full-stack network management platform, Access Assurance removes the infrastructure requirements of other network access vendors’ solutions and enables consistent client experiences, regardless of location.

Automatic software updates

The Juniper Mist microservices-based cloud architecture automatically optimizes Access Assurance by adding new features, security patches, and updates on a bi-weekly basis without interruptions or service downtime.

External directory services support

Access Assurance provides authentication services by integrating external directory services, such as Google Workspace, Microsoft Azure Active Directory, Okta Workforce Identity, and others. It also integrates external Public Key Infrastructure (PKI) and MDM/UEM platforms.

100% programmable APIs

The Juniper Mist platform is fully programmable using open APIs for easy integration with external security information and event management (SIEM), IT service management, and other platforms for both configuration and policy assignment.

Find Juniper Mist Access Assurance in these solutions


With the right solutions, IoT unlocks efficiencies to provide a positive customer experience, which drives stickiness into brand and product loyalty, ultimately resulting in increased revenue. Juniper Networks can unlock the full potential of your network and enable hassle-free management of IoT devices at any scale. Our seamless connectivity and security capabilities work across any network, any cloud, anywhere.

Wireless Access

AI-Native automation and insight, coupled with the agility and reliability of a microservices cloud, deliver optimized wireless access experiences and simplified network operations.

Wired Access

The wired portfolio, coupled with wireless, combines performance and simplicity at scale while delivering optimized experiences to users and devices with AI-Native insights and automation.

AIOps Driven by Mist AI

Juniper transforms IT operations with Mist AI and a virtual network assistant for self-driving capabilities and AI-Native support. Mist AI optimizes user experiences from client to cloud and simplifies IT operations across the WLAN, LAN, and WAN

Juniper Mist Access Assurance FAQs

Who should deploy Juniper Mist Access Assurance?

The Juniper Mist Access Assurance cloud service is essential for organizations of all types and sizes that want to protect their network and data from unauthorized access. Any business or institution with a network of multiple users and devices, such as employees, guests, contractors, and IoT devices, can benefit by using Access Assurance to help improve its security posture.

What are the primary functions of Access Assurance?

The cloud-native Access Assurance service controls who can access your network using a Zero-Trust approach, enforces security policies, and helps guard against malware and other security threats. You can also use it to ensure compliance with regulatory requirements and improve overall network visibility and control.

What unique advantages does Juniper Mist Access Assurance provide?

Access Assurance offers numerous features that help enterprises tighten network and data security:

  • Secure network access control for guest, IoT, BYOD, and corporate devices based on user and device identities. These capabilities are delivered using 802.1X authentication or, for non-802.1X devices, the MAC Authentication Bypass (MAB) protocol
  • A microservices-based cloud architecture for maximum agility, scalability, and performance. Regional service instances minimize latency for enhanced user experiences
  • 100% programmability. The service supports open APIs for full automation and seamless integration with external SIEM and ITSM systems for both configuration and policy assignment
  • Visibility into end-to-end user connectivity and experience levels across the network stack
  • Optimized Day 0/1/2 operations through a unified IT management experience across the full network stack, including wired and wireless LAN access

How are Juniper Mist Access Assurance and Juniper Mist IoT Assurance related?

Access Assurance builds on IoT Assurance to deliver unified controls for the 802.1X authentication-based onboarding and management of corporate devices and the MAC-less onboarding of non-802.1X IoT and BYOD devices. The Access Assurance subscription includes IOT Assurance functionality to manage access control for all clients and devices on your network.

What network devices and connections does Juniper Mist Access Assurance support?

Access Assurance works with a diverse range of both wired and wireless LAN-connected devices and enables administrators to bring them into compliance. Among them are:

  • Traditionally managed devices, such as corporate-owned laptops, tablets, and smartphones
  • Unattended IoT and other M2M devices
  • Manageable but traditionally unmanaged devices, such as user-owned computers and phones (BYOD)
  • Shadow IT devices
  • Guest devices

How does Juniper Mist Access Assurance differ from traditional network access control (NAC)?

Network access control (NAC) is a decades-old security technology for network device onboarding and policy management. However, traditional NAC suffers from architectural challenges. For example, the explosion of different unattended device types, complexities of disaggregated networks, and on-premises NAC implementations expose ever-increasing risks and vulnerabilities.

The Access Assurance cloud-native solution solves these problems by verifying the following information before allowing a device to connect:

  • Who is trying to connect (determined using identity fingerprinting and user context)
  • Where the connection is originating, such as a specific site or VLAN 
  • What permissions and other access policies are associated with the user and the device attempting to connect
  • How the user/device is attempting to establish access and what type of network connection they are using

What is 802.1X authentication?

802.1X is an Ethernet LAN authentication protocol used to provide secure access to a computer network. It’s a standard defined by the Institute of Electrical and Electronics Engineers (IEEE) for port-based network access control. As such, its main purpose is to verify that a device attempting to connect to the network is actually what it claims to be. 802.1X is commonly used in enterprise networks to protect against unauthorized access, enforce security policies, and make sure that data transmitted over the network is secure.

What is MAC Authentication Bypass (MAB)?

MAB is a network access control protocol that bases a grant or deny decision exclusively on the endpoint’s media access control (MAC) address. It’s often used within the context of a larger, standard 802.1X authentication framework for the subset of devices that don’t support 802.1X client, or supplicant, software, such as M2M/IoT and BYOD devices.