On-boarding simply means bringing a new device onto the network for the first time. This process includes certificate enrollment and profile provisioning without involving IT as well as little interaction with the end user. DTS Solution partners with vendors that accomplishes these goals levering an existing or built-in Certificate Authority, user database such as Active Directory and the NAC framework.
The on-boarding process can vary; however will be explained as having a new device connecting to a SSID specified for on-boarding new devices (can be open or secured). Devices that connect to the on-boarding SSID will be redirected to a guest registration portal. The user will authenticate, which will trigger the certificate enrollment and profile provisioning process. Parameters to connect to the internal secure SSID will be included with the configuration profile that is provisioned to the mobile device post authentication. From that point on, the device will use the internal SSID for network access, which may have different NAC authorization rules depending on the design. Devices that fail to complete the on-boarding process will default to ether a guest SSID or be denied access depending on the desired policy.
Wireless on-boarding can be designed many ways, however through experience DTS methodology is to implement two SSIDs called Provisioning_Wireless for new devices and Employee_Wireless for existing approved devices.