What is onboarding in Portnox Cloud?
In this topic, you will learn about the meaning of the term onboarding and the activities that are considered part of onboarding in Portnox™ Cloud.
What is onboarding?
In Portnox Cloud, we use the term onboarding to refer to all the manual activities that a user must do to connect their devices to networks managed by Cloud, as well as to automatic activities and configurations pushed to devices by administrators.
Portnox Cloud offers you several ways to authenticate with your network, and the Cloud administrator decides which ones are available to the users in the company.
In addition to manual onboarding by the user, the Portnox Cloud administrator can also do automatic onboarding of company devices using an endpoint management solution such as Microsoft Intune or Jamf.
The following are the different types of onboarding:
Onboarding with credentials
The Portnox Cloud administrator can permit users to authenticate manually using credentials, which typically include a login and password. If you have integrated Cloud with an external authentication repository, Cloud communicates with that repository to verify the user’s credentials. Users with contractor accounts receive their network access password via email when the administrator creates their account in Cloud.
If the user is onboarding with credentials, they can configure their network connection manually or they can use the Portnox Cloud self-onboarding portal to receive and run a provisioning file. Cloud offers provisioning for iOS, Windows, and macOS (not for Android or Linux).
The following are examples of onboarding manually using credentials:
-
Onboard a Windows device to a Wi-Fi network with credentials
-
Onboard a Windows device to a wired network with credentials
-
Onboard an Android device to a Wi-Fi network with credentials
For more platforms, see the menu on the left-hand side.
The following are examples of onboarding using the self-onboarding portal and credentials:
-
Onboard a Windows device to a wired network with credentials through self-onboarding
-
Onboard a Windows device to a Wi-Fi network with credentials through self-onboarding
-
Onboard a macOS device to a Wi-Fi network with credentials through self-onboarding
For more platforms, see the menu on the left-hand side.
Onboarding with certificates
The Portnox Cloud administrator can require users to authenticate using a user/device certificate. To begin the manual onboarding process using a certificate, the user needs to go to the self-onboarding portal. In this portal, they receive a certificate to download, which they need to install on their device. After they install the certificate, they need to configure their operating system to connect to the network using the certificate. They can configure the operating system using the self-onboarding portal and provisioning (for supported operating systems) or manually.
The following are examples of onboarding using certificates:
-
Onboard a Windows device to a wired network with certificates
-
Onboard a Windows device to a Wi-Fi network with certificates
-
Onboard an Android device to a Wi-Fi network with certificates
For more platforms, see the menu on the left-hand side.
Onboarding with AgentP
The simplest way to onboard users in Portnox Cloud is by using a lightweight software agent called Portnox AgentP, which is compatible with popular operating systems on computers and mobile devices. The user can download and install AgentP from the Download Portnox AgentP page or from the official application store for their mobile device. You can read more about the benefits of AgentP in the following topic: What is the Portnox AgentP?.
To onboard with AgentP, the user runs AgentP, logs in with their credentials or through integration with an authentication repository. Then, AgentP takes care of network configuration as well as downloads and installs the necessary certificates (in operating systems other than Windows, you must configure wired networks manually).
The following are examples of onboarding using AgentP:
-
Onboard a Windows device to a Wi-Fi or wired network with AgentP
-
Onboard a macOS device to a Wi-Fi or wired network with AgentP
For more platforms, see the menu on the left-hand side.
Onboarding with MAC addresses
Apart from manned devices like mobiles and computers, Portnox Cloud also allows you to connect unmanned devices such as printers, scanners, surveillance cameras, and other IoT equipment. Since these devices don’t support the 802.1X protocol, they can’t authenticate using credentials or certificates, and it’s not possible to install AgentP on them. In such cases, these devices are identified based on their MAC addresses.
When connecting these devices to wired networks, you only need to physically connect them using an Ethernet cable. However, when connecting them to company Wi-Fi networks, additional setup may be required. For example, some devices might prompt you to enter a password for the company network, even if that network uses the WPA2 Enterprise protocol, which doesn’t support a common password.
The following are examples of onboarding using MAC addresses:
-
Onboard an IoT device by creating a MAC-based account using the registration portal
-
Onboard IoT devices by creating MAC-based accounts automatically
For more platforms, see the menu on the left-hand side.
Automatic onboarding with endpoint management
If you use an unified endpoint management (UEM) solution such as Microsoft Intune or Jamf, you can distribute configurations and/or request certificates using the SCEP protocol for all your company devices and your users don’t need to onboard manually.
The following are examples of onboarding using UEM solutions:
-
Onboard Windows devices with certificates using Microsoft Intune and SCEP
-
Onboard Chromebooks with certificates using Google Workspace and SCEP
-
Onboard Windows devices with AgentP in unattended or kiosk mode
For more platforms, see the menu on the left-hand side.