Users
Users in IronWifi represent any entity that authenticates to your network. This includes employees, guests, contractors, and devices using MAC address authentication. Each user has credentials, attributes, and group memberships that control their network access.
User Properties
Basic Information
| Field | Description |
|---|---|
| Username | Unique identifier for authentication |
| Full Name | User's first and last name |
| Email address (used for certificate delivery with TLS authentication) | |
| Organizational Unit | The unit the user belongs to (inherits group membership and attributes) |
Authentication Settings
| Field | Description |
|---|---|
| Authentication Source | Identity database for credential validation |
| Password | Clear-text password for local verification |
| Status | Enabled (can authenticate) or Disabled (all requests rejected) |
| Login Time | Time periods when authentication is allowed |
Authentication Sources
- local - Verify using IronWifi's internal password database
- google - Forward requests to Google servers for verification
- rest - Use a REST API for credential verification
- LDAP - Test credentials against external AD/LDAP server
Google, REST, and LDAP authentication sources require a configured Connector.
Time-Based Access
The Login Time field restricts when users can authenticate:
Format examples:
Wk2305-0855- Weekdays 11:05 PM to 8:55 AMSa,Su2305-1655- Saturday and Sunday 11:05 PM to 4:55 PMAnyorAl- All days
All times are in UTC timezone.
Status Information
| Field | Description |
|---|---|
| Creation Date | When the user account was created |
| Last Seen | Most recent authentication attempt |
Groups
Users can be members of multiple groups and inherit attributes from them.
Adding Group Membership
- Click Add to Group
- Select the Group
- Assign a Priority (1-10)
- Click Save
Priority
Priority determines the evaluation order of group membership:
- 1 = Highest priority
- 10 = Lowest priority
Evaluation continues through all groups until a match is found (all Check Attributes match the request). When matched, group Reply attributes are added to the Response, and no further groups are checked.
Certificates
IronWifi supports certificate-based authentication using EAP-TLS protocol. Each user can have multiple certificates for different devices.
Generating a Certificate
- Click Add Certificate
- Select Distribution method
- Set Validity period
- Click Create
Distribution Options
| Option | Description |
|---|---|
| Download certificate | Certificate downloads to admin's browser; import password shown in popup |
| Email to User | User receives email with certificate attachment and import password |
| Email download link | User receives email with password and one-time download link |
You can customize outgoing emails to match your company brand.
Attributes
Users can have check and reply attributes that control session behavior and provide control mechanisms for your NAS/controller. Additional attributes can be inherited from Organizational Units or Groups.
Adding Attributes
- Click Add Attribute
- Search by name or select vendor
- Configure the attribute settings
Attribute Tables
| Table | Description |
|---|---|
| check | Received value is compared to pre-defined value |
| reply | If check matches, this attribute is returned to NAS/Controller |
Operators
| Operator | Symbol | Description |
|---|---|---|
| Equal | = | Attribute must exactly match |
| Not Equal | != | Attribute must not match |
| Greater Than | > | Attribute must be greater |
| Less Than | < | Attribute must be less |
| Contains | =~ | Attribute contains value |
| Assign | := | Assign value to attribute |
| Add | += | Add to existing value |
Common Attributes
| Attribute | Purpose |
|---|---|
Cleartext-Password | User's password |
Session-Timeout | Maximum session duration (seconds) |
Idle-Timeout | Disconnect after idle period (seconds) |
Simultaneous-Use | Max concurrent sessions |
WISPr-Bandwidth-Max-Down | Download bandwidth limit (bps) |
WISPr-Bandwidth-Max-Up | Upload bandwidth limit (bps) |
Bulk Operations
Import Users
Import users from CSV file:
- Navigate to Users > Import
- Upload your CSV file
- Map columns to user fields
- Review and confirm import
Export Users
Export user data:
- Navigate to Users > Export
- Select fields to include
- Choose format (CSV, JSON)
- Download the file