Onboard a Windows device to a wired network with credentials

In this topic, you will learn how to onboard using credentials, a Windows 10 computer, and a wired network managed by Portnox™ Cloud.

Note: The user interface and the names of options may differ slightly for other Windows versions.
Note: If your instance is integrated with Microsoft Azure (Entra ID) and your Azure access policy enforces multi-factor authentication (MFA), to log in using credentials you need to set up a MFA bypass by following the steps in this topic: Bypass multi-factor authentication in Entra ID.
  1. Open the Windows 10 Network and Sharing Center window (Control Panel > Network and Internet > Network and Sharing Center) and click on the Change adapter settings option.

  2. Right-click on the Ethernet connection that represents the adapter connected to the wired network managed by Portnox Cloud and select the Properties option from the pop-up menu.

  3. In the Ethernet Properties window, click on the Authentication tab and in the Choose a network authentication method field, select Microsoft: EAP-TTLS. Then, click on the Settings button.

    Note: If there is no Authentication tab, open the Windows Services app, find the Wired AutoConfig service, Start it, and in its Properties, set Startup type to Automatic.
  4. In the TTLS Properties window, select the certificate to validate the authenticity of the RADIUS server, and in the Client authentication section, select the supported authentication method.

    Note: For extra security, we recommend that in addition to activating the DigiCert Trusted Root G4 certificate (the root CA certificate) on the Trusted Root Certification Authorities list, you also enter clear-rad.portnox.com in the Connect to these servers field. If so, only certificates that have this domain name in Subject or SAN will be trusted. Do not activate this checkbox leaving the field empty, because this will cause connectivity problems. To learn more about this option, read the following topic: Trusted certificate server names.
    Note: The authentication method is the method used to communicate with internal or external authentication repositories. Different repositories may support different methods. For example, cloud-based repositories like Microsoft Azure (Entra ID), Google Workspace, and Okta supports PAP only, but AD supports MSCHAP. If you don’t know the correct method for your user repository, try different ones to see which one works. We also recommend that you read the following topic about the security of different authentication methods: EAP methods and their security.
  5. Click on the OK button to close the TTLS Properties window. Click again on the OK button to close the Ethernet Properties window.

    You can do this step later, after you successfully connected to the network.

  6. When you connect the adapter to the network, Windows shows the Sign in window. In the Sign in window, enter your credentials, and click on the OK button.

    You can also enter your identity in the down-level logon name format: domain\user, for example, vorlon.com\kosh.

Result: Your Windows 10 computer is connected to a wired network managed by Portnox Cloud.

Troubleshooting information: See the following topic: How to troubleshoot typical device onboarding issues.