Home > Wireless LAN > Encryption and Authentication > Configuring WPA2-Enterprise with Google Auth

Configuring WPA2-Enterprise with Google Auth

Overview

This document outlines the steps you will need to take to configure your Meraki wireless network for WPA2-Enterprise encryption with 802.1X authentication against your Google Apps domain. With this feature, your users will be able to use their Google Apps credentials to access your secure wireless network.

Supported Operating Systems

EAP-TTLS/PAP is required on client devices. The following operating systems have native support:

  • iOS version 3.1.3 and higher.
  • Mac OS X 10.4 and higher.
  • Microsoft Windows 8 and higher.
  • Microsoft Windows Phone 8.1 and higher.
  • Google Chrome OS.
  • Android version 2.1 and higher.
  • Blackberry 6A and higher.

Other operating systems may enable support by installation of a certified third-party Encryption Control Protocol (ECP) client. OEM wireless adapter device drivers may also provide support.

Configuration

The following sections walk through configuration of 802.1X authentication with Google Auth.

Enable 2-factor Authentication in your Google Apps Domain

Please refer to Google's documentation regarding how to enable 2-factor auth.

  • Users in your Google Apps domain will need to create an ‘App Specific Password.’
    Please refer to Google's documentation for details.
  • The ‘App Specific Password’ will be the password used for WPA2-Enterprise login on the client devices.

Enable Single Factor Authentication

If you are not using 2-factor authentication on your Google Apps Domain, you can also enable users to connect with their Google username and password.

  1. Login to admin.google.com
  2. Click on Security > Basic Settings >  Go to settings for less secure apps
  3. To require your users to use an application specific password, select Disable access to less secure apps
  4. To allow individual users to enable Google login without 2-factor auth, select Allow users to manage their access
  5. To enable all users to support Google login without 2-factor auth, select Enforce access to less secure apps

 

If you allow users to enable this feature, you can provide them the following instructions to login with their Google username and password.

  1. Login to google.com and sign in to your Google Apps account.
  2. In top right and open up the circular image. Click ‘My Account’
  3. Choose Sign-in & security > Then Signing in to Google
  4. Scroll down and enable ‘Allow less secure apps’

Why does Google specify this as less secure? Google categorizes all authentication based on the source and determines if it is coming from a Google product. By default, Google does not accept sign-ins from a non-Google source such as the Meraki access points.

Contact Meraki to Enable this Feature

Contact Meraki Support to request activation of the Google Apps 802.1X Authentication feature on one Meraki network or your entire Meraki organization.

Enable WPA2-Enterprise with Google from Meraki Dashboard

  1. In Dashboard, go to Wireless > Configure > Access control.
  2. Select the desired SSID for this feature.
  3. Under Network access > Association requirements, select WPA2-Enterprise with Google
  4. Enter your Google Apps domains into Allowed domains. Multiple domains can be entered, separated by a comma:

(Optional) Configure your Client Devices to use EAP-TTLS+PAP

Please refer to our documentation on configuring EAP-TTLS + PAP on Mac OS X/iOS or Microsoft Windows.

You must to post a comment.
Last modified
20:11, 11 Jul 2017

Tags

Classifications

This page has no classifications.

Article ID

ID: 5032

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community