Creating an Identity Provider Profile

A Service Provider keeps track of user subscriptions. Use an Identity Provider profile, which defines the properties pertaining to a service provider, to authenticate users using realm-based authentication and accounting services.

Complete the following steps to create an Identity Provider profile:

  1. From the navigation bar, select Network Control > Policies & Profiles.
  2. In the Policies & Profiles page, click the Identity Provider tile. The Hotspot 2.0 tab is displayed. Click Add HS2.0 IDP. Alternatively, in the Policies & Profiles page, click Add Policy or Profile, select the Identity Provider tile, and click Next.
    The Add Identity Provider wizard is displayed.
    Adding an Identity Provider Profile
  3. In the Network Identifier page, enter the profile name.
  4. Under Provider Settings, configure the following settings:
    1. (Optional) Click Import from a Known Identity Provider to import a pre-configured identity provider from the list.

      When you import a pre-configured identity provider, the existing configuration in the NAI Realm, PLMN, and Roaming Consortium OI tables is replaced by the new one.

    2. Click Add Realm to add an NAI realm. In the Add Realm sidebar, enter the realm information to configure the realm mapping to the authentication service. Enter a realm name and choose the Encoding (RFC-4282 or UTF-8) from the list, and then click Add.

      You can add another realm by selecting the Add another Realm checkbox.

      Note: Choose RFC-4282 encoding to handle user names during network authentication. Alternatively, choose UTF-8 encoding for text representation that is compatible with a broad range of languages and systems.
      • Click Add EAP Method. The Add EAP Method sidebar appears. Select the EAP Method from the list. If you would like to add another authentication type for this EAP method, then click Add another Auth and select the Auth Type from the list. Enter the Vendor ID and Vendor Type, and then click Add.

        You can add another EAP method by selecting the Add another EAP Method checkbox. You can select up to four EAP methods.

        Adding an EAP Method
    3. (Optional) Add a Public Land Mobile Network (PLMN) Wi-Fi operator for the geographical location and a Roaming Consortium Organization Identifier (OI). For more information, refer to Identity Provider Overview.
  5. Click Next in the Add Identity Provider page.
  6. In the AAA Settings page, select a preconfigured authentication server from the list or click Add Server to configure a primary authentication server. In the Add AAA Server dialog box, add an IP address, select the port number, and enter the Shared Secret, then click Add. Optionally, click Add Secondary Server to configure a secondary authentication server.
  7. (Optional) For Accounting Service, toggle the switch to ON to select an Accounting Server from the list or click Add Server to configure a primary accounting server. In the Add AAA Server dialog box, add an IP address, select the port number, and enter the Shared Secret, then click Add. Optionally, you can configure a secondary accounting server and click Next.
  8. Under Summary, review the settings and click Add to add the Identity Provider.
Up to 16 identity provider profiles can be created.