Passpoint Services

Passpoint Download Page

You can initialize a Passpoint Download Page for a give user by calling a

https://osu.cloud4wi.com/activate/[customerToken]?redirect_url=<redirect_url>

The custmerToken can be created using the related API (see docs). The token can be configured to expire within a certain period (e.g. 5 minutes) and support only certain number of hits (a.k.a. after N clicks the page wont' work anymore). This technique allows to minimize the risk that users would forward the link to other individuals.

The page can be customized form the Cloud4wi dashboard using a custom CSS (read more). The page is also automatically translated in the language currently used by the browsers (detected via user agent).

The redirect_url parameter, is optional and if present, will show a button "Connect" in the last instruction page of the Download Page journey and redirect the client to the value of the parameter.

Passpoint Profile URL

This endpoint allows to generate and download a Passpoint profile for a given existing user with a known user Id

https://wifiprofile.cloud4wi.com/wifiprofile
?accountId=<customerId>
&deviceType=<deviceType>
&realm=<PasspointRealm>
&displayName=<OperatorFriendlyName>

Where:

• customerId: is the user identifier

• deviceType: it represents the type of operative system and can be:

  • apple: for iOS, macOS and iPadOS

  • android: for all supported Andorid devices (all Andorid 11+)

  • windows: for Windows 10+ devices

• PasspointRealm: is the main domain for the access network provider and MUST match the one configured in the Cloud4Wi dashboard settings

• displayName: is the operator friendly name that end users see in their device WiFi picker when the connect to a Passpoint network and should match the one you configure the in Cloud4Wi dashboard settings

Example: https://wifiprofile.cloud4wi.com/wifiprofile?accountId=3e1c940ef45937b1b9f364090ab0d680&deviceType=apple&realm=openroaming.securewifi.io&displayName=OpenRoaming%20by%20Cloud4Wi

Device specific implementations

Windows

Please note that to trigger a WiFi profile download and trigger the profile installed on Window, you need to compose the URI in this format:

ms-settings:wifi-provisioning?uri=<download_URL>

iOS

Please note that only certain browser can trigger the native WiFi profile installer automatically. At this time, the list includes Safari, Chrome, Edge

macOS

Please note that only certain browser can trigger the native WiFi profile installer automatically. At this time, the list includes only Safari. In all other browsers, the user needs to click on the downloaded profile to trigger the installation process.

Android

Please note that only certain browser can trigger the native WiFi profile installer automatically. At this time, the list includes only Chrome

Network configuration

The access network must be configured with a dedicated SSID configured with

• WPA2/3-Enterprise security

• authentication toward Cloud4Wi RADIUS (Primary/Secondary IP addresses, ports and secret). RadSec is also supported on demand.

• Hotspot 2.0 parameters

  • Domain: the domain must match the PasspointRealm configured in the Passpoint profile

Check the documentation on how to configure Passpoint on all main WiFi vendors.

Requirements

In order for devices to be authorized on an access network, the network Access Point NAS identifiers must be provisioned on the Cloud4Wi account.

In case a matching Access Point is not found in a Cloud4Wi accout, the AAA responds with an Access-Reject.