Trusted Access - How do I onboard user?

BK2
New here


I used to have AD + NPS (RADIUS) + ADCS to handle 802.1x authentication requests.
When a new employee joined, they would log in to Windows with their corporate ID and password, and they were automatically connected to the secure Wi-Fi because the Wi-Fi settings were pushed via GPO.


Now, I’m moving to Azure AD. I find that Microsoft Azure AD-joined devices can’t use NPS (RADIUS) directly. So, I started looking into Meraki Trusted Access.

My main question is: How do I set up the system so that onboarding users can simply sign in to Windows and be automatically connected to the secure network?
If users need to access the portal (e.g., portal.meraki.com) to download a profile, how can they do that if they don’t yet have access to the network since authentication is required?
I think I’m confused. What are the proper steps or best practices for using Meraki Trusted Access for onboarding new users?

 

Do I need to set up a guest network for users to onboard? If yes, I’m concerned that users will stay on the guest network and never follow the instructions for Meraki Trusted Access. They will probably call IT when they can’t access resources because they haven’t completed the Trusted Access setup. Many people in my organization are not IT-savvy, so I need to minimize the steps required for them to get things working. Asking employees to log in to portal.meraki.com just to gain access to corporate Wi-Fi feels excessive, especially since they already have access to the internet on the guest network.

Any help would be greatly appreciated. 

 

Thank you!

4 Replies
RWelch
Head in the Cloud

Trusted Access for Secure Wireless Connectivity - Setup Guide 

RWelch
Head in the Cloud

Trusted Access for Secure Wireless Connectivity - Onboarding Guide 

PhilipDAth
Kind of a big deal

>How do I set up the system so that onboarding users can simply sign in to Windows and be automatically connected to the secure network?

 

When you set up Trusted Access it deploys a certificate onto the user's machine, and that certificate is used to authenticate the user to Wi-Fi. Once set up, the user does not need to do anything.

 

>If users need to access the portal (e.g., portal.meraki.com) to download a profile, how can they do that if they don’t yet have access to the network since authentication is required?

 

You can use Entra ID authentication, and have users authenticate with their Office 365 credentials.

 

>Do I need to set up a guest network for users to onboard?

 

You could create a provisioning SSID that only allows them to onboard their devices and not access anything else.

 

 

Another option you could consider using is Cloud PKI in Intune where the entire certificate process can be automated with no user involvement, but it does cost a LOT more.

https://learn.microsoft.com/en-us/mem/intune/protect/microsoft-cloud-pki-overview

 

 

PhilipDAth
Kind of a big deal

Also note that Trusted Access certificates are only good for 2 years, and must be re-deployed then.
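Added example (not part of the thread, and not Meraki's or Microsoft's code): the two replies above say Trusted Access drops a client certificate on the user's machine for Wi-Fi authentication and that the certificate expires after two years. The script below is a way to verify both on a Windows client: it lists certificates in the current user's personal store that have the Client Authentication EKU and a private key (what EAP-TLS needs), reports days until expiry, and exits non-zero if any are expired or close to it, so it can be run from Intune or an RMM tool as a compliance check. Assumptions: the Trusted Access certificate is installed in Cert:\CurrentUser\My, and `$IssuerFilter` is a placeholder you set to the issuer string you actually see in your store (left empty it matches all issuers).

```powershell
# Added example: find EAP-TLS client certificates in the current user's store and
# flag ones that are expired or expiring within $WarnDays.
# ASSUMPTION: the Trusted Access certificate lives in Cert:\CurrentUser\My and carries
# the Client Authentication EKU (OID 1.3.6.1.5.5.7.3.2). $IssuerFilter is a placeholder;
# set it to the issuer string you observe so the check ignores unrelated certificates.
param(
    [int]$WarnDays = 60,
    [string]$IssuerFilter = ''   # e.g. the CA name shown under Issuer; empty = all issuers
)

$clientAuthOid = '1.3.6.1.5.5.7.3.2'
$now = Get-Date

# Only certificates with a private key can be used to authenticate; a cert without one
# (e.g. a stray CA cert) is not evidence that onboarding completed.
$certs = Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object {
        $_.HasPrivateKey -and
        ($_.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq $clientAuthOid }) -and
        ([string]::IsNullOrEmpty($IssuerFilter) -or $_.Issuer -like "*$IssuerFilter*")
    }

if (-not $certs) {
    Write-Warning 'No client-authentication certificate with a private key found; onboarding has not completed for this user profile.'
    exit 2
}

$report = foreach ($c in $certs) {
    $daysLeft = [math]::Floor(($c.NotAfter - $now).TotalDays)
    [pscustomobject]@{
        Subject    = $c.Subject
        Issuer     = $c.Issuer
        Thumbprint = $c.Thumbprint
        NotAfter   = $c.NotAfter
        DaysLeft   = $daysLeft
        Status     = if ($daysLeft -lt 0) { 'EXPIRED' }
                     elseif ($daysLeft -le $WarnDays) { 'RENEW SOON' }
                     else { 'OK' }
    }
}

$report | Sort-Object DaysLeft | Format-Table -AutoSize

# Exit 1 when anything needs attention so a compliance policy or RMM job can act on it.
if ($report | Where-Object { $_.Status -ne 'OK' }) { exit 1 } else { exit 0 }
```

Run it in the user's own session (not as SYSTEM), because the certificate is in the user store, not the machine store. A 60-day warning window gives enough lead time to push users back through the onboarding flow before their Wi-Fi authentication starts failing.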
