UserLock Documentation
UserLock Documentation
You are here: Reference > Protected sessions > Wi-Fi sessions

Wi-Fi sessions

UserLock can audit, control and apply a user access policy to Wi-Fi sessions:

Wi-Fi sessions when authenticated with the RADIUS protocol on a Microsoft Network Policy Server (included in Windows Server).

  • This requires the 'NPS agent' to be installed in this service.
  • Important:
    RADIUS clients (Wi-Fi access points) should be configured to contact the NPS server for 'RADIUS authentication' and 'RADIUS accounting'.
  • Limitations:
    - Generally, the RADIUS protocol does not allow to recover the name of the client. As a result, you will not be able to apply Workstation restrictions with the client name.
    - Controlling Wi-Fi sessions may be unreliable if the Wi-Fi access point doesn't correctly notify the end of a session to the RADIUS server when a Wi-Fi client is powered off without closing the Wi-Fi session properly.
    - If the Wi-Fi client is a member of the Active Directory domain, the Wi-Fi session may be authenticated with the computer account instead of the user account. In this case,
    UserLock will not manage the session. UserLock only manages sessions with user accounts, and not sessions with computer accounts.
    - Multiple RADIUS servers for a single RADIUS client (hardware router) is not supported as the logon may be managed by a different agent to the logoff.
    - When a Wi-Fi session is denied, the user is prompted to enter new credentials. There is currently no way to display a more intelligible message to the user.

    The hardware routers and WiFi Access points that are compatible with UserLock are listed below:
    • Wi-Fi Access Points:
      • Cisco Aironet 1700 (AIR-CAP1702I-E-K9).
    This list is not exhaustive as we will add to it as we are able to confirm compatibility with specific devices. We therefore suggest you test your device with UserLock.