Self-Service OSU Portal

Overview

The IronWifi Online Sign-Up (OSU) portal provides a self-service interface for Passpoint (Hotspot 2.0) profile provisioning. Users can register themselves and automatically receive properly configured WiFi profiles for seamless, secure connectivity across all Passpoint-enabled networks.

The OSU portal is accessible at osu.ironwifi.com and integrates with the Passpoint/Hotspot 2.0 ecosystem to deliver zero-touch onboarding experiences.

Key Benefits

User Experience

• Self-service registration (no admin intervention)
• Automatic profile download and installation
• One-time setup for all Passpoint networks
• Seamless roaming across providers
• Works on all major platforms (iOS, Android, Windows, macOS)

Operational Efficiency

• Eliminate manual provisioning
• Reduce help desk tickets
• Scale to thousands of users
• Automated credential lifecycle
• Integration with identity providers

Security

• Certificate-based authentication (EAP-TLS)
• Encrypted credential delivery
• Tamper-proof profiles
• Automatic certificate renewal
• Secure device binding

How OSU Works

Passpoint Discovery & Registration Flow

1. User Discovery
   ↓
   Device detects Passpoint network (ANQP)
   ↓
   Device discovers OSU providers
   ↓
   User sees "Get Internet Access" option

2. OSU Portal Access
   ↓
   Device connects to open OSU SSID
   ↓
   Browser launched to osu.ironwifi.com
   ↓
   User presented with registration page

3. User Registration
   ↓
   User enters credentials (email/password or SSO)
   ↓
   Account validation
   ↓
   Terms of service acceptance

4. Profile Provisioning
   ↓
   Server generates unique client certificate
   ↓
   Certificate packaged into WiFi profile
   ↓
   Profile encrypted and signed

5. Profile Installation
   ↓
   Profile automatically downloaded
   ↓
   User prompted to install
   ↓
   Profile installed (one-click on iOS/Android)

6. Automatic Connection
   ↓
   Device disconnects from OSU SSID
   ↓
   Device connects to secure Passpoint SSID
   ↓
   Certificate-based authentication (EAP-TLS)
   ↓
   Connected - seamless roaming enabled

Technical Components

ANQP Server

• Advertises OSU providers
• Provides network information
• Enables pre-association discovery
• Roaming consortium information

OSU SSID

• Open network for registration
• Walled garden to osu.ironwifi.com
• HTTPS redirect
• Temporary internet access

OSU Portal (osu.ironwifi.com)

• User registration interface
• Authentication processing
• Profile generation
• Certificate issuance
• Device enrollment

Provisioning Server

• OMA DM (Device Management) protocol
• SOAP-XML communication
• Profile packaging
• Certificate delivery
• Platform-specific formatting

Network Configuration

Prerequisites

Access Point Requirements

• Hotspot 2.0 / Passpoint support
• ANQP capability
• Dual SSID support (secure + OSU)
• 802.11u support
• Firmware with Passpoint Release 2 or higher

Supported Vendors

• Cisco (Meraki, Catalyst, WLC)
• Ubiquiti UniFi
• Ruckus (SmartZone, Cloud, Unleashed)
• Aruba (Mobility Controller, Instant)
• Cambium Networks
• TP-Link Omada
• MikroTik
• Fortinet FortiGate
• Juniper Mist
• See vendor-specific guides in Passpoint Configuration

Secure SSID Configuration

Primary Passpoint SSID:

SSID Name: (Hidden - advertised via ANQP only)
Security: WPA2/WPA3-Enterprise
Authentication: 802.1X EAP-TLS
RADIUS Servers: IronWifi RADIUS
Passpoint: Enabled
OSU Provider: IronWifi

Hotspot 2.0 Settings:
- Enable Hotspot 2.0
- Enable ANQP
- Venue Type: [Select appropriate]
- Operator Friendly Name: [Your organization]
- Domain Name: [your-domain.com]
- Roaming Consortium OIs: (from IronWifi console)
- NAI Realm: [realm from IronWifi]

OSU SSID Configuration

OSU/Registration SSID:

SSID Name: "Get Internet Access" or "[Organization] Setup"
Security: Open (no password)
Captive Portal: Redirect to osu.ironwifi.com
Network Access: Walled garden

Walled Garden (Allowed Domains):
- osu.ironwifi.com
- console.ironwifi.com
- *.apple.com (for iOS)
- *.google.com (for Android)
- *.microsoft.com (for Windows)

Hotspot 2.0 OSU Settings:
- OSU Provider Name: [Your Organization]
- OSU Method: OMA-DM
- OSU Server URI: https://osu.ironwifi.com/[your-account]
- OSU Icon: (upload logo)
- OSU Service Description: "Get WiFi Access"

ANQP Configuration

ANQP Elements to Advertise:

Venue Information:
- Venue Group: (e.g., Educational, Business, Assembly)
- Venue Type: (specific to venue)
- Venue Name: [Your location name]

Network Information:
- Internet: Available
- Network Type: Free Public WiFi / Private Network
- Network Authentication: 802.1X
- IPv4/IPv6: Available

Operator Information:
- Operator Friendly Name: [Your organization]
- Domain Name List: [your-domain.com]

Roaming Partners:
- Roaming Consortium OIs
- NAI Realm List
- 3GPP Cellular Network (if applicable)

OSU Providers:
- Provider Name: [Your Organization]
- Server URI: https://osu.ironwifi.com/[account]
- Method: OMA-DM
- Icon: (logo file)
- Service Description: Multi-language descriptions

IronWifi Console Configuration

Step 1: Enable Passpoint

Navigation: Networks → [Your Network] → Passpoint Settings

Basic Settings:
├─ Enable Passpoint: ✓
├─ Passpoint Release: 2 or 3
├─ Venue Type: [Select from list]
├─ Operator Name: [Your organization]
└─ Domain Name: [your-domain.com]

OSU Provider Settings:
├─ Enable OSU Portal: ✓
├─ OSU Server URL: https://osu.ironwifi.com/[auto-generated]
├─ Provider Name: [Your organization]
├─ Service Description: "Self-service WiFi access"
├─ Icon Upload: [Your logo - PNG, 160x160px]
└─ Friendly Name: Multiple languages supported

Roaming Configuration:
├─ Roaming Consortium OIs: [Auto-populated]
├─ NAI Realms: [Your authentication realm]
└─ OpenRoaming: Optional integration

Step 2: Configure Authentication

Navigation: Networks → [Your Network] → Authentication

Primary Authentication Method:
- Method: 802.1X
- Inner Method: EAP-TLS
- Certificate Authority: IronWifi CA
- Client Certificate: Auto-provisioned via OSU

User Database Options:

Option 1: Local Database
- Users register with email/password
- Accounts created in IronWifi
- Certificate bound to account

Option 2: External Identity Provider
- Azure AD / Google Workspace / Okta
- OAuth 2.0 / SAML integration
- SSO during OSU registration
- Certificate bound to corporate identity

Option 3: RADIUS Proxy
- Proxy to existing RADIUS
- External user validation
- Certificate provisioning by IronWifi

Step 3: OSU Portal Customization

Navigation: Captive Portal → OSU Portal → Branding

Visual Customization:
├─ Logo: Upload (PNG, max 500KB)
├─ Background: Color or image
├─ Primary Color: Brand color
├─ Font: Select from library
└─ Favicon: Upload

Content Customization:
├─ Welcome Message: Custom text
├─ Instructions: Setup guidance
├─ Terms of Service: Link or inline
├─ Privacy Policy: Link or inline
├─ Support Contact: Email/phone
└─ FAQ Link: Optional

Localization:
├─ Default Language: English
├─ Available Languages: 20+ supported
├─ Auto-detect: From device settings
└─ User selection: Language dropdown

Registration Fields:
├─ Email: Required
├─ Password: Required (if local auth)
├─ First Name: Optional
├─ Last Name: Optional
├─ Phone: Optional
├─ Organization: Optional
├─ Custom Fields: Up to 5
└─ Terms Acceptance: Required checkbox

Step 4: Certificate Settings

Navigation: Account → PKI Infrastructure → Client Certificates

Certificate Template:
├─ Validity Period: 365 days (recommended)
├─ Key Length: 2048-bit RSA or 256-bit ECC
├─ Subject DN: CN={email}, O=[Organization]
├─ SAN: email:{email}
└─ Extended Key Usage: Client Authentication

Auto-Renewal:
├─ Enable Auto-Renewal: ✓
├─ Renewal Period: 30 days before expiration
├─ Renewal Method: Silent (automatic)
└─ User Notification: Email 14 days before

Revocation:
├─ CRL Distribution: Enabled
├─ OCSP Responder: Enabled
├─ Revocation Reason: User deactivation, security
└─ Grace Period: None (immediate)

User Registration Process

Self-Registration Flow

Step 1: Network Discovery

User Experience:

On iOS:
- Settings → WiFi
- Available networks show "Get Internet Access"
- Tap to view OSU providers
- See organization name and logo
- Tap "Get Access"

On Android:
- Settings → Network & Internet → WiFi
- Advanced → Passpoint
- Add Passpoint network
- See available providers
- Select organization
- Tap "Connect"

On Windows:
- Network icon → Available Networks
- See Passpoint networks
- Click organization name
- Follow setup wizard

Step 2: OSU Portal Registration

Browser Flow:

1. Connection to OSU SSID (automatic)
2. Browser opens to osu.ironwifi.com
3. User sees branded registration page

Registration Options:

A) Email/Password (Local):
   - Enter email address
   - Create password (8+ chars)
   - Confirm password
   - Accept terms of service
   - Click "Register"

B) SSO Integration:
   - Click "Sign in with [Provider]"
   - Redirect to SSO provider
   - Authenticate with corporate credentials
   - Redirect back to OSU portal
   - Click "Complete Registration"

C) Voucher Code:
   - Enter pre-generated code
   - Validate code
   - No password required
   - Click "Activate"

Step 3: Profile Installation

Platform-Specific Installation:

iOS:
1. Profile download initiated
2. "Profile Downloaded" notification
3. Settings → General → VPN & Device Management
4. Tap downloaded profile
5. Tap "Install" (may require passcode)
6. Trust certificate warning → "Install"
7. Profile installed ✓

Android:
1. Profile download to device
2. Notification: "WiFi profile ready"
3. Tap notification
4. "Install network?" prompt
5. Tap "Install"
6. Profile installed ✓

Windows:
1. .xml profile download
2. "Open file?" prompt
3. Network profile wizard launches
4. "Install network profile?" → Yes
5. Certificate installed automatically
6. Profile installed ✓

macOS:
1. .mobileconfig download
2. System Preferences → Profiles
3. New profile appears
4. "Install" button → Click
5. Enter admin password
6. Profile installed ✓

Step 4: Automatic Connection

Post-Installation:

1. Device disconnects from OSU SSID
2. Device scans for Passpoint networks
3. Matches installed profile to network
4. Automatic EAP-TLS authentication
5. Connected to secure network ✓

No further action required:
- No SSID selection needed
- No password entry
- No manual configuration
- Seamless roaming to any Passpoint network with matching profile

Administrative Management

User Lifecycle Management

User Provisioning

Bulk Import:

CSV Format:
email,firstName,lastName,group,validUntil
user1@company.com,John,Doe,employees,2025-12-31
user2@company.com,Jane,Smith,guests,2024-06-30

Import Process:
1. Navigate: Users → Import
2. Upload CSV file
3. Map fields
4. Set default group
5. Generate OSU invite emails
6. Users receive registration links

User Management

Individual User Actions:

View User:
- Registration date
- Certificate status
- Last connection
- Device count
- Data usage
- Group membership

Edit User:
- Update email
- Change group
- Set expiration
- Add notes
- Custom attributes

Disable User:
- Revoke certificate
- Disable account
- Terminate sessions
- Optional: Re-enable later

Delete User:
- Permanent removal
- Certificate revocation
- Audit log retention
- Cannot be undone

Certificate Management

Certificate Operations:

View Certificates:
- List all issued certificates
- Filter by status (valid, expired, revoked)
- Search by user email
- Sort by expiration date

Renew Certificate:
- Manual renewal trigger
- Automatic renewal (if enabled)
- Email notification to user
- Silent renewal (no user action)

Revoke Certificate:
- Immediate revocation
- CRL update
- OCSP notification
- User notification (optional)
- Reason code (required)

Reissue Certificate:
- After device loss
- Security incident
- User request
- Different device

Monitoring & Analytics

Registration Metrics

Dashboard Metrics:

Today:
- New registrations: 47
- Profile installations: 45 (96% success)
- Active users: 1,234
- Failed attempts: 2

This Month:
- Total registrations: 1,458
- Unique devices: 1,891
- Platform breakdown:
  - iOS: 52%
  - Android: 35%
  - Windows: 10%
  - macOS: 3%

Trends:
- Week-over-week growth: +12%
- Month-over-month: +8%
- Registration completion rate: 94%
- Average time to complete: 2 minutes

Connection Analytics

Network Performance:

Current Status:
- Active connections: 892
- Authentication success: 98.7%
- Average session: 3.2 hours
- Roaming events: 156/hour

Historical:
- Daily connections: 1,500 avg
- Peak concurrent: 1,100 (2pm)
- Authentication failures: 1.3%
- Top failure reason: Expired certificate

User Behavior:
- Return user rate: 87%
- Multi-device users: 43%
- Roaming users: 28%
- Average devices/user: 1.6

Error Tracking

Common Issues:

Registration Failures:
- Invalid email: 15 (this week)
- Weak password: 8
- Terms not accepted: 3
- SSO timeout: 2

Installation Failures:
- Profile not installed: 12
- Certificate rejected: 4
- Platform incompatible: 1

Authentication Failures:
- Expired certificate: 45
- Revoked certificate: 5
- Invalid certificate: 2
- RADIUS timeout: 8

Actions:
- Automated user notifications
- Self-service troubleshooting guides
- Help desk ticket integration

Reporting

Standard Reports

Available Reports:

Registration Report:
- Date range
- User details
- Platform distribution
- Registration method
- Installation success rate
- Export: CSV, PDF

Usage Report:
- Active users
- Connection frequency
- Session duration
- Data consumption
- Device types
- Export: CSV, Excel

Security Report:
- Certificate status
- Expiring certificates (30 days)
- Revoked certificates
- Failed authentications
- Anomalous activity
- Export: PDF

Compliance Report:
- User audit trail
- Configuration changes
- Access logs
- GDPR compliance data
- Export: PDF (encrypted)

Custom Reports

Report Builder:

Dimensions:
- Time period
- User group
- Location
- Device type
- Authentication method

Metrics:
- Registration count
- Active users
- Session duration
- Data usage
- Authentication success rate

Filters:
- User status
- Certificate validity
- Connection status
- Error types

Scheduling:
- Daily / Weekly / Monthly
- Email delivery
- Recipients list
- Format: PDF, CSV, Excel

Platform-Specific Considerations

iOS Devices

Profile Format

.mobileconfig (Apple Configuration Profile)

Requires:
- Signed profile (IronWifi certificate)
- WiFi payload with EAP-TLS settings
- Certificate payload with client cert
- Trust payload for RADIUS CA

User Experience:
- Profile download notification
- Settings → General → VPN & Device Management
- One-tap installation
- Passcode required
- Trust warning (normal)
- Immediate connection

MDM Integration

Alternative Deployment:

Via MDM (Jamf, Intune, etc.):
1. Export profile from IronWifi
2. Import to MDM system
3. Assign to user groups
4. Push to devices
5. Silent installation (no user action)

Benefits:
- No OSU portal needed
- Automated deployment
- Centralized management
- Compliance enforcement

Android Devices

Profile Format

Passpoint Profile (via OMA-DM)

Includes:
- WiFi configuration
- EAP-TLS settings
- Client certificate
- CA certificate
- Roaming consortium

User Experience:
- Automatic profile download
- Notification: "Network available"
- One-tap to install
- May require lock screen PIN
- Connects immediately

Version Compatibility

Android Support:

Android 6.0 - 8.1:
- Basic Passpoint support
- Manual profile installation sometimes required
- Certificate trust confirmation

Android 9.0+:
- Full Passpoint Release 2
- Automatic profile installation
- OSU support
- Seamless experience

Android 11+:
- Passpoint Release 3
- Enhanced OSU
- Better roaming
- Improved security

Windows Devices

Profile Format

.xml (Windows WiFi Profile)

Contains:
- SSID configuration
- EAP-TLS settings
- Certificate installation
- Network policies

Installation Methods:

A) Via OSU Portal:
- Download .xml file
- Import via network wizard
- Certificate auto-installs

B) Via PowerShell:
- netsh wlan add profile filename="profile.xml"
- Certificate installed to user store

C) Via Group Policy:
- Domain-joined devices
- Automated deployment
- Centralized management

Windows Hello Integration

Certificate Protection:

Windows 10/11:
- Store cert in TPM
- Biometric unlock
- Enhanced security
- Certificate exportable: No

Configuration:
- Enable in IronWifi console
- Requires TPM 2.0
- Windows Hello for Business
- Domain join (optional)

macOS Devices

Profile Format

.mobileconfig (macOS Configuration Profile)

Similar to iOS:
- Signed profile
- WiFi and certificate payloads
- Trust settings
- Network policies

Installation:
- Download profile
- System Preferences → Profiles
- Click "Install"
- Admin password required
- Immediate effect

Keychain Integration

Certificate Storage:

System Keychain:
- Client certificate
- CA certificate
- Network identity

User Keychain:
- Alternative location
- User-specific

Access Control:
- 802.1X process
- Always allow
- No user prompt

Security Considerations

Certificate Security

Private Key Protection

Key Generation:

On-Device Generation (Recommended):
- Private key never leaves device
- CSR sent to server
- Signed certificate returned
- Highest security

Server-Side Generation:
- Faster provisioning
- Key encrypted in transit
- Delivered via HTTPS
- Deleted from server immediately

Platform Support:
- iOS: On-device
- Android: On-device
- Windows: Server-side
- macOS: On-device

Certificate Pinning

RADIUS CA Validation:

Trust Settings:
- Pin IronWifi RADIUS CA
- Reject untrusted CAs
- Prevent MITM attacks
- Included in profile

Validation:
- Server certificate check
- CN/SAN validation
- CA chain verification
- Revocation check (OCSP)

Authentication Security

EAP-TLS Protection

Benefits:

Mutual Authentication:
- Client proves identity (certificate)
- Server proves identity (RADIUS cert)
- No password interception
- No credential phishing

Encrypted Tunnel:
- TLS 1.2 or 1.3
- Strong cipher suites
- Per-session keys
- Forward secrecy

Protection Against:
- Credential theft
- Man-in-the-middle
- Rogue access points
- Evil twin attacks
- Phishing

Portal Security

OSU Portal Protection

Security Measures:

HTTPS Only:
- TLS 1.2+ required
- Valid SSL certificate
- HSTS enabled
- No HTTP allowed

DDoS Protection:
- Rate limiting
- CAPTCHA for suspicious activity
- IP reputation filtering
- WAF protection

Input Validation:
- Email format validation
- Password strength requirements
- SQL injection prevention
- XSS protection
- CSRF tokens

Session Security:
- Secure session cookies
- Short session timeout (15 min)
- Session fixation protection
- Logout functionality

Troubleshooting

Common Issues

Profile Installation Fails

Symptoms:
- Download completes but profile not installed
- Error message during installation
- Profile appears but doesn't work

iOS Troubleshooting:
1. Check iOS version (9.0+ required)
2. Ensure sufficient storage
3. Verify passcode is set
4. Check for existing conflicting profile
5. Try removing and reinstalling

Android Troubleshooting:
1. Check Android version (6.0+ required)
2. Verify security settings allow unknown sources
3. Clear app cache (Settings)
4. Reboot device
5. Try manual profile installation

Windows Troubleshooting:
1. Run as administrator
2. Check certificate store
3. Verify WiFi service running
4. Import via PowerShell
5. Check event viewer logs

macOS Troubleshooting:
1. Check macOS version (10.9+ required)
2. Ensure admin privileges
3. Check keychain access
4. Verify WiFi is enabled
5. Remove and reinstall profile

Authentication Failures

Symptoms:
- Profile installed but won't connect
- "Authentication failed" error
- Connects then disconnects

Diagnosis:

Check Certificate:
- Validity period (not expired?)
- Revocation status
- Correct username/identity
- CA chain complete

Check RADIUS:
- Server reachable
- Shared secret correct
- User account active
- Certificate authentication enabled

Check AP Configuration:
- 802.1X enabled
- RADIUS servers configured
- EAP-TLS allowed
- Passpoint enabled

Check Device:
- Correct network selected
- Certificate trusted
- Date/time accurate
- No conflicting profiles

OSU Portal Access Issues

Symptoms:
- Can't reach osu.ironwifi.com
- Page doesn't load
- Redirect doesn't work

Solutions:

Network Issues:
1. Verify OSU SSID connection
2. Check walled garden config
3. Ensure DNS resolution works
4. Test with different device
5. Check firewall rules

Browser Issues:
1. Clear cache and cookies
2. Try different browser
3. Disable extensions
4. Check for popup blockers
5. Enable JavaScript

Account Issues:
1. Verify account active
2. Check OSU portal enabled
3. Validate configuration
4. Review audit logs
5. Contact IronWifi support

Error Codes

Common Error Messages

Registration Errors:

ERROR_EMAIL_EXISTS:
- Cause: Email already registered
- Solution: User should use password reset
- Admin: Check user status, reactivate if needed

ERROR_INVALID_PASSWORD:
- Cause: Password doesn't meet requirements
- Solution: Use 8+ characters, mixed case, numbers
- Admin: Review password policy settings

ERROR_SSO_FAILED:
- Cause: OAuth/SAML authentication failed
- Solution: Check SSO provider status
- Admin: Verify integration configuration

Installation Errors:

ERROR_PROFILE_INVALID:
- Cause: Corrupted or incompatible profile
- Solution: Re-download profile
- Admin: Regenerate profile for user

ERROR_CERT_UNTRUSTED:
- Cause: CA certificate not trusted
- Solution: Install CA cert first, then profile
- Admin: Verify CA cert in profile

Authentication Errors:

ERROR_RADIUS_NO_RESPONSE:
- Cause: RADIUS server unreachable
- Solution: Check network connectivity
- Admin: Verify RADIUS server status

ERROR_CERT_EXPIRED:
- Cause: Client certificate expired
- Solution: Renew certificate via portal
- Admin: Enable auto-renewal

ERROR_USER_DISABLED:
- Cause: Account deactivated
- Solution: Contact administrator
- Admin: Reactivate user account

Best Practices

Deployment Strategy

Pilot Phase

Small-Scale Testing:

Week 1-2:
- IT team registration (10-20 users)
- Test all platforms
- Validate certificate issuance
- Confirm authentication
- Document issues

Week 3-4:
- Friendly user group (50-100 users)
- Gather feedback
- Monitor success rates
- Refine documentation
- Train help desk

Validation:
- Installation success: 95%+
- Authentication success: 98%+
- User satisfaction: 4/5+
- Help desk tickets: Under 5%

Full Rollout

Phased Approach:

Phase 1: Early Adopters (Month 1)
- Tech-savvy users
- Self-service oriented
- Provide feedback
- Target: 10-20% of users

Phase 2: General Users (Month 2-3)
- Broad communication
- Training sessions
- Help desk support
- Target: 60-80% of users

Phase 3: Laggards (Month 4+)
- Direct outreach
- Assisted registration
- Deprecate old methods
- Target: 95%+ of users

User Communication

Pre-Launch

Communication Plan:

T-14 days:
- Announcement email
- Feature overview
- Benefits explanation
- Timeline

T-7 days:
- Reminder email
- Setup instructions
- FAQ link
- Support contact

T-1 day:
- Final reminder
- Quick start guide
- Video tutorial
- Live support hours

Launch Materials

Required Documentation:

Quick Start Guide:
- Platform-specific steps
- Screenshots
- Troubleshooting tips
- Support contact
- 1-2 pages max

FAQ Document:
- Common questions
- Account issues
- Installation help
- Authentication problems
- 10-15 Q&As

Video Tutorials:
- iOS registration (2 min)
- Android registration (2 min)
- Windows registration (3 min)
- macOS registration (2 min)
- Troubleshooting (3 min)

Support Resources:
- Email: support@yourdomain.com
- Portal: help.yourdomain.com
- Chat: Available 9-5 M-F
- Phone: XXX-XXX-XXXX

Operational Excellence

Monitoring

Daily Checks:

Morning:
- Registration success rate
- Authentication success rate
- Error log review
- Help desk tickets
- Certificate expiration alerts

Evening:
- Daily usage report
- Capacity trends
- Security events
- Backup verification

Weekly:
- Trend analysis
- User growth tracking
- Platform distribution
- Performance optimization

Monthly:
- Strategic review
- Capacity planning
- Security audit
- Documentation updates

Maintenance

Regular Tasks:

Weekly:
- Certificate expiration review (30 days)
- User account cleanup (inactive)
- Error pattern analysis
- Performance tuning

Monthly:
- Certificate renewal processing
- User satisfaction survey
- Help desk metrics review
- Documentation updates

Quarterly:
- Security audit
- Capacity assessment
- Platform updates
- Disaster recovery test

Annually:
- CA certificate renewal
- Policy review
- Technology refresh planning
- Compliance audit

Support & Resources

IronWifi Support

Contact Methods

• Email: support@ironwifi.com
• Portal: console.ironwifi.com/support
• Documentation: www.ironwifi.com/help-center
• Phone: Available for Enterprise accounts

Response Times

• Critical (OSU portal down): Under 2 hours
• High (authentication failures): Under 4 hours
• Normal (user registration issues): Within 24 hours
• General questions: Within 48 hours

Documentation

Related Guides

• Passpoint Overview - Technology introduction
• Passpoint Onboarding - Deployment guide
• Vendor Configuration Guides - AP-specific setup
• OpenRoaming - Federation integration
• Certificate Management - PKI administration

Professional Services

Available Services

• OSU portal customization
• Custom integration development
• White-label OSU portal
• Dedicated support
• On-site training
• Managed service

---

Ready to Deploy?

Contact IronWifi to enable the OSU portal for your Passpoint deployment and provide seamless self-service registration for your users.