Onboard a Windows device to a Wi-Fi network with credentials

In this topic, you will learn how to onboard using credentials, a Windows 10 computer, and a Wi-Fi network managed by Portnox™ Cloud.

Note: The user interface and the names of options may differ slightly for other Windows versions.
Note: If your instance is integrated with Microsoft Azure (Entra ID) and your Azure access policy enforces multi-factor authentication (MFA), to log in using credentials you need to set up a MFA bypass by following the steps in this topic: Bypass multi-factor authentication in Entra ID.
  1. Open the Windows 10 Network and Sharing Center (Control Panel > Network and Internet > Network and Sharing Center).
  2. Click on the Set up a new connection or network link.

  3. In the Set Up a Connection or Network window, select the Manually connect to a wireless network option and click on the Next button.

  4. In the Manually connect to a wireless network window, enter the name (SSID) of the network managed by Portnox Cloud in the Network name field and select the WPA2-Enterprise option in the Security type field. Then, click on the Next button.

  5. Click on the Change connection settings link.

  6. Click on the Change connection settings link.

  7. In the Wireless Network Properties window, click on the Security tab, in the Choose a network authentication method field, select Microsoft: EAP-TTLS, and click on the Settings button.

  8. In the TTLS Properties window, in the Client authentication section, select the supported authentication method.

    Note: This authentication method is the method used to communicate with internal or external authentication repositories. Different repositories may support different methods. For example, cloud-based repositories like Microsoft Azure (Entra ID), Google Workspace, and Okta supports PAP only, but AD supports MSCHAP. If you don’t know the correct method for your user repository, try different ones to see which one works. We also recommend that you read the following topic about the security of different authentication methods: EAP methods and their security.
    Important: To make sure that the network you connect to is not spoofed, we recommend that in the Trusted Root Certification Authorities list, you find and activate all DigiCert certificates as well as the clear-rad.portnox.com certificate, if present.
  9. Click on the OK button to close the TTLS Properties window. Click again on the OK button to close the Wireless Network Properties window. Click on the Close button to close the Manually connect to a wireless network window.

    You can do this step later, after you successfully connected to the network.

  10. In the Windows Notification Area (System Tray), click on the network icon to open the list of available Wi-Fi networks, and select the network configured in previous steps.

  11. Click on the Connect button.

  12. Optional: If your group is configured for credential-based authentication, Windows shows the Sign in window. Enter your credentials, and click on the OK button.

    You can also enter your identity in the down-level logon name format: domain\user, for example, vorlon.com\kosh.

    If your group is configured for certificate-based authentication, the Sign in window is not displayed because it is not necessary.

  13. If the Continue connecting? message appears, click on the Connect button.

Result: Your Windows 10 computer is connected to a Wi-Fi network managed by Portnox Cloud.

Troubleshooting information: See the following topic: How to troubleshoot typical device onboarding issues.