Google Apps and ID Manager

  • 17
  • Idea
  • Updated 2 years ago
I love to see Google Apps integrated into ID Manager (http://aerohive.com/products/cloud-se...) for authentication. Google Apps is the new active directory for a lot of schools.

One Login to Rule Them All ;)
Photo of Bradley Chambers

Bradley Chambers, Champ

  • 302 Posts
  • 53 Reply Likes

Posted 6 years ago

  • 17
Photo of Matthew Gast

Matthew Gast

  • 284 Posts
  • 63 Reply Likes
Interesting idea! ID Manager is a guest management system -- are you asking for the ability to use Google accounts so that employees can sponsor guests?
Photo of Bradley Chambers

Bradley Chambers, Champ

  • 302 Posts
  • 53 Reply Likes
Yeah something like that. Or perhaps allow Google Apps within the Captive Web Portal as a login mechanism
Photo of James Watson

James Watson

  • 70 Posts
  • 8 Reply Likes
This would be great.

I think what Bradley is saying, each student would use their Google Apps account Id and password to log into the network.
Photo of Jason Gale

Jason Gale

  • 1 Post
  • 0 Reply Likes
We are getting to release 1:1 chromebooks in Kindergarten through 12 Grade.  Using a Google Apps account ID to authenticate to the network would be great!!!
Photo of John Hanay

John Hanay

  • 38 Posts
  • 8 Reply Likes
We think this is a good idea also.
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
Great idea Bradley.  We have several schools that are, or are aiming to be, "Google Integrated".  This functionality would give us an advantage over the vendors, like Ruckus, that seem to be so popular with schools.
Photo of Clive Foster

Clive Foster

  • 4 Posts
  • 2 Reply Likes
I think this could be a great move. At the moment we are installing Microsoft servers to simply replicate the same account system that Google maintains. If the RADIUS server could also front end Google Apps this could be a real selling point.
Photo of Bradley Chambers

Bradley Chambers, Champ

  • 302 Posts
  • 53 Reply Likes
Cloudessa.com offers GA as a hosted radius server, but its a per AP pricing so it ain't cheap.
Photo of Konstantin Kladko

Konstantin Kladko

  • 1 Post
  • 0 Reply Likes
Bradley - so how much are you willing to pay?
Photo of Bradley Chambers

Bradley Chambers, Champ

  • 302 Posts
  • 53 Reply Likes
Depends on the functionality. It ideally would be a feature of the ap
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Quoting Arran Cudbard-Bell because he put this so well:

I'm skeptical of RADIUS in the cloud. The base RADIUS protocol only encrypts sensitive attributes like User-Password, and provides no integrity checks for Access-Requests unless you use the Message-Authenticator [RFC 2869] attribute (which not all equipment supports). Additionally RFC assignment attributes for things like VLANs and IP addresses are also sent in the clear. Transmitting this information (which is usually segregated onto its own internal VLAN/Physical Network/VRF because of its sensitivity and criticality) detailing internal IP and VLAN assignment schemes across the public internet seems like a really bad idea. RadSec provides a decent solution using TCP as the transport, and TLS to provide integrity/privacy services. But most legacy NAS don't support this, so you have to install a translation box on site. I'd be interested to hear how Cloudessa deal with these issues. I've not been able to find any info on their website (besides shiny silver padlocks on all their diagrams). It's just not a protocol that's suited to cloud deployment, especially if RADIUS is critical to network access or network equipment access.
Considering how easy it is to run your own RADIUS infrastruture on existing servers at relatively low cost, I find it very difficult to see why people, certainly with typical use cases, would want it cloud hosted... for a fee.
(Edited)
Photo of James Watson

James Watson

  • 16 Posts
  • 3 Reply Likes
If this was to happen, it would be great to be able to add two domains. We use one for our students and a different one for staff. I can dream :)
Photo of Martin Benuska

Martin Benuska

  • 1 Post
  • 0 Reply Likes
I am happy using IronWifi hosted RADIUS service - ironwifi.com
(Edited)
Photo of Larry

Larry

  • 55 Posts
  • 1 Reply Like
I too would be interested in this as an AP feature, just like RADIUS authentication. And if we could like that info to ID Manager, we would seriously consider buying that product as well.
(Edited)
Photo of James Watson

James Watson

  • 16 Posts
  • 3 Reply Likes
It looks like we are close to getting this with the implementation of the new Social Login feature. http://www.aerohive.com/pdfs/Aerohive_At-a-Glance_Social-Login.pdf All we need to do next is limit this feature to the required domain(s). We have two (students and staff). Pleaaaassseeeeee! 
Photo of Clive Foster

Clive Foster

  • 4 Posts
  • 2 Reply Likes
It would be great to be able to authenticate against a Google Apps domain from a captive web portal. GAFE is becoming an important directory service in education and this would be a real plus.
Photo of Christian Vang

Christian Vang

  • 1 Post
  • 1 Reply Like
OneLogin offers a free radius server and is linkable to GoogleApps
Photo of Ben

Ben

  • 1 Post
  • 0 Reply Likes
Christian, It does not look like OneLogin's radius server is part of the free service. Can you confirm this or am I missing something?
Photo of Clive Foster

Clive Foster

  • 4 Posts
  • 2 Reply Likes
Meraki now has the capability to authenicate a captive web portal against a Google accounts. Is there any plans for Aerohive to match it ? I'd love to be able pitch this to the increasing number of schools now taking GAFE.
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
This would be an excellent option as we too are seeing a large number of schools using Google services to authenticate their students.
Photo of Clive Foster

Clive Foster

  • 4 Posts
  • 2 Reply Likes
GAFE currently has a user directory of 40 million students surely this has to be a good bet?
Photo of James Watson

James Watson

  • 16 Posts
  • 3 Reply Likes
GAFE now up to 50 million users. Come on Aerohive!!! Your competition has this.

http://www.edtechmagazine.com/k12/art...
Photo of Nathaniel Evslin

Nathaniel Evslin

  • 1 Post
  • 0 Reply Likes
This would be really useful for us. Allow students and faculty to authenticate using google apps sign on.
Photo of Michael Linszen

Michael Linszen

  • 1 Post
  • 0 Reply Likes
Are there any plans on this to integrate?
Photo of Dawn Douglass

Dawn Douglass

  • 67 Posts
  • 3 Reply Likes
I agree.  This seems like such a missed opportunity.  
Photo of Paul Plum

Paul Plum

  • 1 Post
  • 1 Reply Like
Come on Aerohive your taking your eye off the ball here.
Photo of Clive Foster

Clive Foster

  • 1 Post
  • 0 Reply Likes
Now that Google supports SAML as an iDP does this change the game with HiveManager NG ?