Standing up RADIUS so corporate Wi-Fi uses individual logins.
WPA3-Enterprise (or WPA2-Enterprise) means every user logs in with their own credentials, not a shared password. When someone leaves you revoke one account and the whole fleet knows. SMBs do not need an expensive NPS server, you use cloud RADIUS from your AP vendor or a service like JumpCloud or Foxpass.
Try this first
- 1Pick the RADIUS source: UniFi Identity, Aruba ClearPass cloud, JumpCloud RADIUS-as-a-Service, Foxpass. All hook into Microsoft 365 or Google Workspace.
- 2Create a dedicated staff SSID on WPA3-Enterprise or WPA2/3-Enterprise transitional, keep the old PSK SSID for two more weeks.
- 3Push the Wi-Fi profile through Intune or Jamf so laptops and phones do not have to log in by hand, otherwise everyone gets locked out.
- 4Test off-boarding: disable a test account in Entra ID and confirm the laptop drops off Wi-Fi within 15 minutes.
- 5Log RADIUS failures for a week, that surfaces printer accounts and machines that cannot use SSO and need a service account.
When to bring us in
You have MFA-on-network requirements (NIS2, ISO 27001 control 8.5): plain WPA-Enterprise will not suffice, you go to 802.1X with EAP-TLS and device certificates, that is not an SMB DIY job.
See also
- Wi-Fi drops randomly across the officeFirst rule out whether it is the access points or the internet connection itself. Different fix.
- One room or corner has no or bad Wi-FiNot always "add another AP"; often one is poorly positioned, or there is a metal wall in the way.
- Internet is suddenly slow for everyoneThree suspects: your provider, a colleague soaking the line, or a backup or update kicking in unexpectedly.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.