You can create a network that allows users to authenticate using social media or self-registration credentials.

1. On the navigation bar, click Wi-Fi > Wi-Fi Networks > Wi-Fi Networks List.
   The Wi-Fi Networks page is displayed.
2. Click Add Wi-Fi Network. Alternatively, select an existing Captive Portal with Self Sign In Wi-Fi network setting that you want to copy and click Clone at the top of the table.
   The Create New Network page is displayed.
3. Complete the settings on the Network Details page.
   • Network Name: Enter a name (2 to 32 characters) for a network. By default, this name is also used as the SSID.
   • (Optional) Set different SSID: Click Set different SSID to configure an SSID different from the network name.
     The SSID field is displayed.

     • SSID: Enter an SSID name (2–32 characters; up to 32 bytes for UTF‑8 non‑Latin characters).
   • (Optional) Description: Enter a description to help you identify the network.
   • Network Type: Choose Captive Portal.

     A structure diagram of a Captive Portal is displayed.

     Note: If you used the Clone option, the Network Type is already set to Captive Portal.
4. Click Next.
   The Portal Type page is displayed.
5. Click Self Sign In.
   Users authenticate using their social media credentials.
   The structure diagram on the right updates to show the Self-Sign-In network type.
6. Click Next.
   The Onboarding page is displayed.

   

7. Allow Sign-In Using (At least one option must be selected): Configure Allow Sign-In Using, if you want users to self-register using their social media accounts, email, or an SMS token.
   If you created your app on any of these social media platforms and you want to use your app, you can add details when you edit the option. You can select one or more of the following options:

   • SMS Token: Select this checkbox if you want users to receive a single-use token on their mobile number.

     A Password expires after field is displayed and you can select a time period in hours or days after which the password expires. The default is 12 hours.

   • Email: Select this checkbox if you want users to receive a single-use token on their registered email address. Users have the option to use an email-based registration process when connecting to the WLAN. Users will receive a one-time password (OTP) in their email, which will grant them access to the network.

     A Password expires after field is displayed and you can select a time period in hours or days after which the password expires. The default is 12 hours.

   • WhatsApp: The Captive Portal's Self Sign In feature via WhatsApp One-Time Passcode (OTP) is supported through the Twilio SMS provider. To enable this functionality, navigate to Administration > Settings and add the Twilio SMS provider. This option allows end users to receive OTPs via WhatsApp for self-sign-in. For more information, refer to Configuring an SMS Provider for the Account
   • Facebook: Select this checkbox if you want users to connect to the network using their Facebook account. Click the Edit () icon to view the Edit Facebook App page and add further configuration. For details, refer to Allowing Sign-In Using Facebook.
   • Google: Select this checkbox if you want users to connect to the network using their Google account. Click the Edit () icon to view the Edit Google App page and add further configuration. For details, refer to Allowing Sign-In Using Google.
   • LinkedIn: Select this checkbox if you want users to connect to the network using their LinkedIn account. Click the Edit () icon to view the Edit LinkedIn App page and add further configuration. For details, refer to Allowing Sign-In Using LinkedIn.
   • X (formerly Twitter): Select this checkbox if you want users to connect to the network using their X (Twitter) account. Click the Edit () icon to view the Edit Twitter App page and add further configuration. For details, refer to Allowing Sign-In Using X (Twitter).

     Click RUCKUS Networks Privacy Policy to view more information on the RUCKUS Networks Privacy Policy.

8. (Optional) Secure your network: Select a Secure your network method. The options are:
   • None (default): No encryption method is used.
   • Pre-Share Key (PSK): Select Pre-Share Key (PSK) and select a security protocol for the network.
     • Passphrase: Enter a Passphrase (minimum 8 characters) and select a Security Protocol. The options are:
       • WPA2 (Recommended) (default): Select WPA2 (Recommended) and enter a passphrase of at least eight characters in the Passphrase field.

         WPA2 provides strong Wi‑Fi security and is widely supported on devices manufactured after 2006. Select WPA2 unless your deployment requires WPA3. 6 GHz radios are only supported with WPA3.

       • WPA3: Select WPA3 and enter a passphrase of at least eight characters in the SAE Passphrase field.

         WPA3 provides the highest Wi‑Fi security and is supported on most devices manufactured after 2019.

         Note: The IEEE 802.11ax (Wi-Fi 6E) and IEEE 802.11be (Wi-Fi 7) APs support only WPA3. The 6 GHz radios support WPA3 only.
       • WPA2/WPA3 mixed mode: Select WPA2/WPA3 mixed mode and enter a passphrase of at least eight characters in the WPA2 Passphrase and WPA3 SAE Passphrase fields.

         WPA2/WPA3 mixed mode lets devices connect using either WPA3, the most secure Wi-Fi standard, or WPA2, which is still widely supported. Most devices made after 2006 support WPA2, and those from 2019 onward typically support WPA3.

         Note: Select WPA3 or WPA2/WPA3 mixed mode if you broadcast on 6 GHz.
   • OWE Encryption: Opportunistic Wireless Encryption (OWE) provides encrypted communications for open Wi-Fi networks without passwords. Choose this option to allow users to access the network without entering a password for authentication. If you selected OWE Encryption, configure the following field:
     • (Optional) OWE Transition mode: Toggle the OWE Transition mode switch on to enable a seamless transition from open, unencrypted WLANs to OWE WLANs without adversely impacting the end user experience.
       Note: OWE transition mode allows STAs that do not support OWE authentication to access the network in open authentication mode, while OWE-capable STAs can use OWE authentication mode.

       The migration to an enhanced open Wi-Fi network is done gradually, with user devices also upgrading over time. In OWE Transition mode, an AP creates two SSIDs as a pair: SSID1 (broadcast) for open authentication and SSID2 (hidden) for OWE authentication (read-only). Non-OWE devices connect to SSID1, while OWE-capable devices initially connect to SSID1 but are then associated with SSID2 for secure access.

       Deleting SSID1 or disabling OWE Transition also deletes SSID2; cloning SSID1 creates two new WLANs. SSID1/SSID2 co‑exist as a pair; a maximum of six WLANs can be created per venue, per AP group.

9. Allowed domains: Select the Allowed domains checkbox to allow only the clients registering with email addresses from the specified domains to connect to the network.
   • Enter a domain name.
     Note: You can configure multiple domain names separated by commas. This is not applicable for SMS registration (if enabled).
10. Redirect Users to: Select the Redirect Users to checkbox and enter a valid URL.
    You can redirect users to your company website or another URL after they log in successfully. If the checkbox is not selected, users are sent to the page they originally requested.
11. Select the Collect email addresses of users who connect to this network checkbox to save the email address of the user.

    If this option is selected, users will be informed that their personal information is being collected

12. Enable RUCKUS DHCP service: Select the Enable RUCKUS DHCP service checkbox to automatically create and assign a new DHCP-Guest Service and DHCP Pool for those Guest WLAN-related venues that do not have a specified DHCP Service. Please refer to the DHCP Service at each Venue for more information.
13. (Optional) Use Bypass Captive Network Assistant: Select the Use Bypass Captive Network Assistant checkbox to prevent the controller from using the mini browser on mobile devices. With CNA bypass enabled, portal login is achieved by opening a standard browser to any unauthenticated HTTP page to get redirected to the login portal.
14. (Optional) Walled Garden: Enter Walled Garden destinations (URLs or IP addresses) that users can access before authentication.
    A walled garden is a limited environment that allows unauthenticated users to access specific destinations so they can set up an account. After the account is established, the user is allowed out of the walled garden. Unauthenticated users will be allowed to access these destinations (i.e., without redirection to captive portal). Each destination should be entered in a new line. Accepted formats for destinations are:

    • IP address (for example, 10.11.12.13)
    • IP address range (for example, 10.11.12.13-10.11.12.15)
    • CIDR (for example, 10.11.12.13/28)
    • IP address and mask (for example, 10.11.12.13 255.255.255.0)
    • Website FQDN (for example, www.ruckus.com)
    • Website FQDN with a wildcard (for example, *.amazon.com; *.com)
15. Accounting Service: Toggle the switch on to enable this option and select the existing RADIUS Server from the drop-down list or complete the following steps to add a new RADIUS Server.
    1. Click Add Server and configure a new RADIUS Server. Refer to Adding and Managing a RADIUS Server.
    2. Proxy Service: Toggle the switch on to enable the proxy service.
       Note: Use the controller as a proxy in 802.1X networks. A proxy AAA server is used when APs send authentication/accounting messages to the controller and the controller forwards these messages to an external AAA server.

       Note: For stations (STAs) that do not support OWE authentication, the OWE transition mode is available so that such STAs can access the network in open authentication mode.
16. Click Show more settings.

    The VLAN sub‑tab is displayed by default, and each sub‑tab presents additional Wi‑Fi configuration options. For details about configuring these options, refer to the Configuring Additional Settings for a Wi-Fi Network.

    Note: Demonstration of Advanced Settings for a Wi-Fi Network. This video explains advanced settings for a Wi-Fi network and walks you through the process of configuring them.

    Click to play video in full screen mode.

17. Click Next.
    The Portal Web Page is displayed.
18. Select portal from the Guest Portal Service drop-down list.
    Click Add Guest Portal Service to add a new Guest Portal Service. The Guest Portal Service is where you define the look and feel of the webpage that guests use to join the captive portal network. Refer to Adding a Guest Portal Service.
19. Click Next.
    The Venues page is displayed.
20. Select one or more venues where you want to activate this network by clicking the checkbox next to the Venue column, and then toggle the switch on in the Activated column.
    The details in the APs, Radios, and Scheduling columns are displayed for all the activated venues. By default, this network configuration is applicable for All APs and their applicable radio bands, and is scheduled to be available 24/7.
    1. Click the All APs hyperlink in the APs column or the list of radios in the Radios column of the Venues section on the Create New Network page to configure APs and radio-frequency bands for the selected venue.
       The Select APs dialog box is displayed. Select one of the following options:

       • All APs: Select All APs to activate this network on all current and future APs in this venue. Choose a radio band from the drop-down list. You can choose one or more of the supported radio bands.

         

       • Select specific AP groups: Select Select specific AP groups to activate this network on specific AP groups including any AP that is added to the selected AP groups in the future. The APs not assigned to any group option is displayed with a checkbox and a reminder to select an AP Group.

         Click the APs not assigned to any group checkbox; the VLAN and Radio Band options are displayed:

         

       • In the VLAN option, VLAN-1 is selected by default. Click the icon and select VLAN or pool from the drop-down list. Depending on the selection, enter the VLAN ID or select the pool from the drop-down list.
       • In the Radio Band option, select one or more of the supported radio bands from the drop-down list for the selected AP group.
       • Click Apply.
    2. Click the 24/7 hyperlink in the Scheduling column of the Venues section on the Create New Network page to customize the schedule.
       The Schedule for Network <network-name> in Venue <venue-name> dialog box is displayed.

       

       • Click Custom Schedule.
       • Customize the network schedule as required. You can configure Monday through Sunday and times from 00:00 to 23:59. Click the See tips hyperlink for guidance. The Network Scheduler Tips dialog box is displayed.

         

       • Review the tips and click OK to close the Network Scheduler Tips dialog box.
       • Click Apply. The hyperlink updates to ON now. When hovered over, it displays the time until which the scheduler will remain active (<Day> <Time>).
    3. Toggle the Network Tunneling switch on to define how network traffic is tunneled at the venue. When toggled on, a Tunnel: <venue-name> sidebar is displayed.
       Note: The Network Tunneling switch is displayed only when the venue is Activated.
       • Select a Tunneling Method from the drop-down.
       • If you choose SoftGRE, select a SoftGRE profile and optionally enable and configure IPsec. (Refer to Creating a SoftGRE Profile and Adding an SD-LAN Service).

         The SD-LAN option is available only when RUCKUS Edge devices are present.

       • Click Add to save and apply.
21. Click Next.
    The Summary page is displayed.
22. Review the settings that you configured.
23. Click Finish.