UPSK and Self Registration

10 min

the nile access service offers the unique passphrase (upsk) feature to enhance the security of wireless network access unlike traditional pre shared key (psk) wireless networks, where a single key is shared among all devices, upsk assigns a unique key to every authenticated user or device nile also provides a self registration portal that allows users to securely onboard their devices, including byod and corporate assets, using upsk and single sign on (sso) authentication the unique passphrase (upsk) feature in the nile access service enables secure network access for a wide range of devices, including internet of things (iot) equipment, av equipment, and employee owned devices upsk for headless devices for headless devices that cannot accommodate 802 1x authentication, nile supports the use of upsk with an external radius server (such as cisco ise or aruba clearpass) or the nile cloud as an administrator, you can generate upsk keys for these devices in the following ways log in to the nile customer portal and register the device's mac address nile can generate a unique key, or you can enter your own bulk upload a csv file with mac addresses and upsk values use the nile api to register mac addresses and generate upsk keys upsk for employee owned devices nile's self registration portal allows employees to securely onboard their own devices, such as laptops, phones, and tablets, using upsk and single sign on (sso) authentication when an administrator enables sso and a upsk enabled wireless service, a self registration portal link is generated this link can be embedded in the my nilesecure com page or the nile hosted guest page, allowing employees to access it from anywhere after successfully authenticating through the organization's identity provider (idp), employees can generate a upsk for their devices and connect to the upsk enabled wireless service upsk configuration in the nile customer portal to configure upsk in the nile access service, follow these steps in the "settings" > "wireless" section of the nile customer portal, create a "personal" ssid and enable the "enable sso" option enter a pre shared key and select the appropriate network segment for the upsk enabled ssid if the segment is configured with an external radius server, the radius server will be used for upsk authentication otherwise, the nile cloud will be used self registration portal the self registration portal in the nile access service allows users to securely onboard their devices, including byod and corporate assets, using upsk and single sign on (sso) authentication accessing the self registration portal when an administrator enables sso and a upsk enabled wireless service, a self registration portal link is generated this link can be found in the following locations embedded in the my nilesecure com page (if the user is connected to the nile network) embedded in the nile hosted guest page displayed in the nile customer portal and accessible from anywhere users can access the self registration portal by clicking the link and authenticating through the organization's identity provider (idp) self registration process after successful authentication, users can perform the following actions in the self registration portal generate a upsk key for their devices, which can be used to connect to the upsk enabled wireless service register wired devices by providing the mac address these devices will be automatically assigned to the "self register" segment the self registered devices will be assigned to the network segment configured for the upsk enabled wireless service administrator management as an administrator, you can view and manage the devices registered through the self registration portal, including seeing all wired devices registered through the "self register" segment viewing all upsk keys generated by users monitoring the devices connected using upsk if a device is lost or the upsk key is compromised, you can delete the user/device or update the upsk key from the nile customer portal by leveraging the unique passphrase (upsk) feature and the self registration portal, organizations can securely onboard a wide range of devices, including byod and iot equipment, while maintaining control and visibility over network access unique passphrase (upsk) with sso external radius the nile access service supports the integration of unique passphrase (upsk) with external radius servers, such as cisco ise and aruba clearpass upsk enhances the security of traditional pre shared key (psk) wireless networks by assigning a unique passphrase to each authenticated user, rather than a single shared key to configure upsk with an external radius server in the nile access service, follow these steps configure the sso provider you can refer to the https //docs nilesecure com/okta saml integration section to find an sso guide create a upsk enabled ssid in the nile customer portal navigate to the "settings" > "wireless" page in the nile customer portal select the "personal" ssid type and enable the "enable sso" option enter a pre shared key and select the network segments accessible via this ssid configure the radius integration in the nile customer portal go to the "settings" > "authentication" page and add the external radius server details, including the name, ip address or fqdn, port, and shared secret verify the radius server connection by clicking the "verify hosts" button in the "segments" section, edit the segment associated with the upsk enabled ssid and select the radius server you just configured provide users with the upsk registration link instruct users to visit the my nilesecure com website or use the unique registration link provided in the nile customer portal users will be prompted to authenticate using your organization's identity provider (idp), which should be integrated with the external radius server after successful authentication, users can generate a unique passphrase for their device to connect to the upsk enabled ssid by integrating upsk with an external radius server, you can leverage your existing identity management infrastructure to provide secure wireless access, while still benefiting from the enhanced security and user specific credentials offered by the nile access service's upsk feature