What is onboarding in Portnox Cloud?

In this topic, you will learn about the meaning of the term onboarding and the activities that are considered part of onboarding in Portnox™ Cloud.

What is onboarding?

In Portnox Cloud, we use the term onboarding to refer to all the manual activities that a user must perform to connect their devices to networks managed by Cloud, as well as the automatic activities and configurations that administrators push to devices.

Portnox Cloud offers you several ways to authenticate with your network, and the Cloud administrator decides which ones are available to the users in the company.

In addition to manual onboarding by the user, the Portnox Cloud administrator can also do automatic onboarding of company devices using an endpoint management solution such as Microsoft Intune or Jamf.

The following are the different types of onboarding:

Onboarding with credentials

The Portnox Cloud administrator can permit users to authenticate manually using credentials, which typically include a login and password. If you have integrated Cloud with an external authentication repository, Cloud communicates with that repository to verify the user’s credentials. Users with contractor accounts receive their network access password via email when the administrator creates their account in Cloud.

If the user is onboarding with credentials, they can configure their network connection manually or they can use the Portnox Cloud self-onboarding portal to receive and run a provisioning file. Cloud offers provisioning for iOS, Windows, and macOS (not for Android or Linux).

Note: If you would like to onboard using credentials, please read the following topic on the security of credential-based authentication: EAP methods and their security.


Onboarding with certificates

The Portnox Cloud administrator can require users to authenticate using a user/device certificate. To begin the manual onboarding process using a certificate, the user needs to go to the self-onboarding portal. In this portal, they receive a certificate to download, which they need to install on their device. After they install the certificate, they need to configure their operating system to connect to the network using the certificate. They can configure the operating system using the self-onboarding portal and provisioning (for supported operating systems) or manually.


Onboarding with AgentP

The simplest way to onboard users in Portnox Cloud is by using a lightweight software agent called Portnox AgentP, which is compatible with popular operating systems on computers and mobile devices. The user can download and install AgentP from the Download Portnox AgentP page or from the official application store for their mobile device. You can read more about the benefits of AgentP in the following topic: What is the Portnox AgentP?

To onboard with AgentP, the user runs AgentP and logs in with their credentials or through integration with an authentication repository. AgentP then takes care of network configuration and downloads and installs the necessary certificates (in operating systems other than Windows, you must configure wired networks manually).


Onboarding with MAC addresses

Apart from manned devices like mobiles and computers, Portnox Cloud also allows you to connect unmanned devices such as printers, scanners, surveillance cameras, and other IoT equipment. Since these devices don’t support the 802.1X protocol, they can’t authenticate using credentials or certificates, and it’s not possible to install AgentP on them. In such cases, these devices are identified based on their MAC addresses.

When connecting these devices to wired networks, you only need to physically connect them using an Ethernet cable. However, when connecting them to company Wi-Fi networks, additional setup may be required. For example, some devices might prompt you to enter a password for the company network, even if that network uses the WPA2 Enterprise protocol, which doesn’t support a common password.


Automatic onboarding with endpoint management

If you use a unified endpoint management (UEM) solution such as Microsoft Intune or Jamf, you can distribute configurations and/or request certificates using the SCEP protocol for all your company devices, and your users don’t need to onboard manually.
