Is your client's WiFi still operating like it's 2005?

December 11, 2025

Share this article

 It's time to shift to identity-centric networks

WiFi hasn't changed in two decades.


Think about the way most companies handle Guest WiFi and employee access: it’s fundamentally broken. Your clients' employees are likely sharing a single, static Pre-Shared Key (PSK) password for the office network. 


That's the equivalent of giving everyone in the company the same house key. If that key is lost or shared, changing it requires disrupting every user and device on the network. Meanwhile, guests face clunky captive portals that capture minimal, unverified data.


This legacy architecture introduces significant security flaws. Open networks transmit traffic in cleartext, making client data vulnerable to packet sniffing. Furthermore, relying on shared passwords means your clients have virtually no visibility into who is actually on their network. 


The old security model focused on keeping the network safe by drawing a perimeter around it. That made sense when users sat at fixed desks. Today, that perimeter has dissolved, and the network boundary is no longer a useful security concept.


The Identity-Centric shift


Identity-Based Networking flips this model. We stop trying to police the network boundary and start asking, "Who is this person and what should they be able to access?"


Purple provides the cloud-native infrastructure layer that connects your clients' existing identity systems—like Microsoft Entra ID, Google Workspace, or Okta—directly to their WiFi. 


Your clients’ user directories become the new network policy engine. This approach transforms network authentication from a chore into a seamless, secure, and data-driven process.


This is how it works, solving IT's biggest headaches


The shift to an identity-first approach gives clients enterprise-grade security with consumer-grade simplicity. We resolve the difficult trade-off between security and complexity.


1) Security without the complexity of legacy systems

Secure WiFi access, like WPA2/3-Enterprise, traditionally introduces high Total Cost of Ownership (TCO) and significant deployment difficulty. We strip that away by eliminating the need for on-premise RADIUS servers or complex certificate management.


  • Zero Trust enforcement: Every user session is authenticated uniquely. The principle of least privilege is enforced without adding friction for the user.
  • Dynamic policy assignment: Network policies (VLANs, ACLs, bandwidth limits) are applied instantly and dynamically via RADIUS attributes. This is based on the user's role or group as defined in the Identity Provider (IdP).
  • Encrypted connections: For guests, the system provisions a SecurePass profile that replaces insecure open SSIDs with a secure, encrypted connection. All traffic is encrypted over-the-air (OTA) from the very first packet, bringing enterprise-grade security to Guest WiFi. This mitigation also eliminates the risk of "evil twin" attacks because the device validates the network's certificate.

2) End-to-end automation

Manual credential and access management is a massive drain on IT resources and creates security gaps when employees leave.


  • Automated lifecycle management (JML): The solution tightly couples network access with existing HR and IT "Joiners, Movers, Leavers" processes.
  • Instant revocation: When a user is disabled in the IdP (e.g., Entra ID), their ability to authenticate to the network is revoked immediately. This automation drastically reduces helpdesk tickets and closes critical security vulnerabilities.
  • Cloud RADIUS scalability: The global, high-availability Cloud RADIUS infrastructure handles authentication spikes without requiring you to provision or manage on-premise hardware.


3) Seamless access for all devices

The ConneX app is the bridge between identity and network access. It transforms the connection experience into a seamless, secure interaction.


  • Zero-Touch connectivity: ConneX installs a Passpoint profile that enables automatic, encrypted connection globally, with no captive portals or repeated logins required.
  • iPSK for legacy devices: For devices that can't run an app—like Smart TVs or gaming consoles—ConneX provides a unique Identity Pre-Shared Key (iPSK). This key extends identity-based access to "dumb" devices, giving users an "at home" experience while maintaining the 802.1X security architecture.
  • Network agnostic: Purple is an overlay solution. It works with any 802.1X-compatible hardware, providing a unified management layer across mixed estates (e.g., Cisco Meraki at HQ, Ruckus at branch offices).


By moving to this identity-based model, clients are not just improving security; they're creating intelligence that benefits the entire organization. They gain business insights, from occupancy patterns to user behavior, because every connection is tied to a verified identity.


Purple provides the control to move your clients' WiFi out of the past and into the identity-first era.


Interested? Let's chat!


Newer Post >

Recent Posts

The security fix that eliminates staff password sharing

By Em Turner December 12, 2025
Solve an enduring and costly security problem with a solution that's simple to deploy and manage

The partner guide to selling private area networks (PAN) for the ultimate ‘at-home WiFi experience’

By Em Turner December 11, 2025
Help your clients drive resident satisfaction and simplify IT operations

Why captive portals are a liability, not a feature

By Em Turner December 11, 2025
How to provide secure, seamless WiFi access instead