Onboard a Chromebook to a Wi-Fi network with certificates

In this topic, you will learn how to onboard using certificates, the self-onboarding portal, a ChromeOS device such as a Chromebook, and a Wi-Fi network managed by Portnox™ Cloud.

To onboard to a network using a certificate, you need to generate, download, and install the user/device certificate, and then configure your operating system to connect to the network using this certificate. You can configure your operating system semi-automatically using provisioning or manually.

If you already downloaded and installed the certificate for the same device, for example, to authenticate with another type of network, you don’t need to install the certificate again and you should skip the relevant steps.

Download and install the certificate

In this section, you will generate, download, and install the user certificate on your device.

  1. Enter the URL of the self-onboarding portal in your browser.

    To learn how to set up the self-onboarding portal and obtain the URL, see the following topic: Set up the self-onboarding portal.

  2. In Step 1, select the third option: CLEAR account certificate management and click on the Next button.

  3. In Step 2, you can select the Corporate email address option or the Corporate username and password option. Select the Corporate email address option if Portnox Cloud manages your user repository. Select the Corporate username and password option if you have integrated Cloud with an external repository. Proceed with the following steps depending on your choice.
  4. If you have chosen Corporate email address:
    Important: Only choose the Corporate email address option if Portnox Cloud manages your user repository. Cloud manages the user repository if it’s not integrated with any external repositories such as Microsoft Azure (Entra ID), Google Workspace, or Okta Workforce Identity.
    1. In the Email field, enter your corporate email address and click on the SIGN IN button.

      If you activate the Automatically generate secure password and send me by email checkbox, you will receive a separate email with a Portnox Cloud password. If so, you should use this password in the next steps.

    2. Open your email client and find the email received from Portnox Cloud containing a one-time activation code. Copy this code to the clipboard.

      If you activated the Automatically generate secure password and send me by email checkbox in the previous step, do not confuse the password email with the code email. They are two separate emails.

    3. In the self-onboarding portal, paste the code in the Activation code field and click on the CONFIRM button.

  5. If you have chosen Corporate username and password:
    1. Click on the tile that represents the authentication repository you want to use to sign in. If you want to use Okta Workforce Identity, enter your Okta login and password and click on the SIGN IN button.

      Note: Options depend on the repositories integrated with Portnox Cloud: Microsoft Azure (Entra ID), Google Workspace, and/or Okta Workforce Identity.
    2. Complete the steps needed to sign in. These steps depend on the chosen authentication repository.
  6. Click on the OBTAIN CERTIFICATE button to download the user certificate generated for your device.

    Note: If you want to replace a certificate you created earlier, for example, because the old one expires soon, click on the REISSUE CERTIFICATE button instead.
  7. Enter the following URL in the title bar of your Chrome browser: chrome://settings/certificates and press the  ↩  key.

  8. In the Manage certificates pane, click on the Import and Bind button.

  9. Select the certificate file you downloaded earlier and click on the Open button.

    You can recognize the file by the .p12 extension.

  10. In the Enter your certificate password pop-up, leave the password empty and click on the OK button.

Result: You downloaded and installed the certificate.

Configure the connection

In this section, you will configure your network to use the installed certificate.

  1. Click on the  ⌔  icon in the notification area to open the Status Tray.

  2. Click on the  ▼  icon next to the current network name in the Status Tray to show the list of available Wi-Fi networks.

  3. Click on the name of the network managed by Portnox Cloud to connect to it.

  4. In the Join Wi-Fi network window:

    1. In the EAP method field, select EAP-TLS.
    2. In the Server CA certificate field, leave the Default value.
    3. In the Domain suffix match field, enter portnox.com.
    4. In the User certificate field, select the certificate imported earlier.
    5. In the Identity field, enter your corporate email address.
    6. Click on the Connect button to connect to the network.

Result: Your ChromeOS device is connected to a Wi-Fi network managed by Portnox Cloud.

Troubleshooting information: See the following topic: How to troubleshoot typical device onboarding issues.