# Netgraph Connectivity Platform ## Docs - [API reference](https://wiki.netgraph-connect.com/docs/easypsk/api-reference/_placeholder.md): EasyPSK does not expose a public API today. - [Meraki WPN Context](https://wiki.netgraph-connect.com/docs/easypsk/concepts/easypsk-context.md): The unit of EasyPSK inside an Organization: one Meraki dashboard connection, one SSID, and the Wireless Personal Networks that live on it. - [Self-Service portal](https://wiki.netgraph-connect.com/docs/easypsk/concepts/self-service-portal.md): What residents see when they open their Wireless Personal Network in the Self-Service portal — the end-user experience that makes an EasyPSK deployment work without you. - [Wireless Personal Networks](https://wiki.netgraph-connect.com/docs/easypsk/concepts/wireless-personal-networks.md): The per-unit Wi-Fi bubble that makes EasyPSK unique — each apartment, room, or unit has its own Pre-Shared Key on the shared SSID, managed by a Group Administrator from the Self-Service portal. - [Managing Self-Service Users](https://wiki.netgraph-connect.com/docs/easypsk/features/managing-self-service-users.md): Invite residents to a Wireless Personal Network, grant or revoke the Group Administrator permission, and use Self-Service enrollment to let a resident provision themselves on first login. - [Managing Wireless Personal Networks](https://wiki.netgraph-connect.com/docs/easypsk/features/managing-wireless-personal-networks.md): Create one apartment, batch-create a whole building, rename, rotate the key, watch connected devices, and delete — all from the Context admin. - [Webhooks](https://wiki.netgraph-connect.com/docs/easypsk/integrations/webhooks.md): Subscribe to the configuration-audit event stream for a Meraki WPN Context and keep your SIEM or change-management system in sync with admin actions. - [EasyPSK for Cisco Networks overview](https://wiki.netgraph-connect.com/docs/easypsk/overview.md): Give every apartment, room, or unit its own private Wi-Fi bubble on a shared SSID — no per-unit SSIDs, no 802.1X supplicants, just one Pre-Shared Key per Wireless Personal Network. - [EasyPSK quickstart](https://wiki.netgraph-connect.com/docs/easypsk/quickstart.md): From zero to one apartment connected to its own Wireless Personal Network, with its Group Administrator invited to the Self-Service portal — about 20 minutes. - [Meraki connection](https://wiki.netgraph-connect.com/docs/easypsk/setup/meraki-connection.md): Connect a Meraki WPN Context to your Cisco Meraki dashboard — API key, organization, network or template, SSID, Group Policy Strategy, and PSK defaults. - [EasyPSK diagnostics](https://wiki.netgraph-connect.com/docs/easypsk/troubleshooting/easypsk-diagnostics.md): Why a Wireless Personal Network isn't behaving as expected — a walkthrough of the common causes in order of likelihood. - [API reference](https://wiki.netgraph-connect.com/docs/endpoint-manager/api-reference/_placeholder.md): Endpoint Manager does not expose a public API today. - [Delegated administration](https://wiki.netgraph-connect.com/docs/endpoint-manager/concepts/delegated-administration.md): The shape of Endpoint Manager: one group, one delegated owner. A pattern that scales from a single managed group to dozens, each operated by the team or vendor that actually knows what belongs there. - [Endpoint Identity Groups](https://wiki.netgraph-connect.com/docs/endpoint-manager/concepts/endpoint-identity-groups.md): A managed Endpoint Identity Group is a 1:1 reflection of a Cisco ISE group that you've opted in to administering from the platform. The ISE group still lives in ISE — you gain a delegated-admin layer on top. - [Endpoint Manager Context](https://wiki.netgraph-connect.com/docs/endpoint-manager/concepts/endpoint-manager-context.md): A Cisco ISE Context wires the platform to one of your ISE deployments and makes its Endpoint Identity Groups available for managed administration. One Context per ISE. - [Endpoint management via Self-Service](https://wiki.netgraph-connect.com/docs/endpoint-manager/concepts/self-service-portal.md): How Self-Service Users manage endpoints in their assigned Endpoint Identity Groups: view device details, add single devices, or upload many at once via CSV. - [Batch adding endpoints](https://wiki.netgraph-connect.com/docs/endpoint-manager/features/batch-adding-endpoints.md): Upload a CSV of endpoints to a managed group — from the admin side or the Self-Service portal. Four steps, preview before commit, auto-move of MACs that already live somewhere else. - [Change of Authorization](https://wiki.netgraph-connect.com/docs/endpoint-manager/features/change-of-authorization.md): Trigger a CoA on a live endpoint to force Cisco ISE to re-evaluate its authorization policy — typically after a group move or an attribute change. - [Managed Attributes](https://wiki.netgraph-connect.com/docs/endpoint-manager/features/managed-attributes.md): How Endpoint Manager automates Cisco ISE's Endpoint Custom Attributes — define what's managed at the Context level, set values per group, and let the platform keep every endpoint in sync. - [Managing Endpoint Identity Groups](https://wiki.netgraph-connect.com/docs/endpoint-manager/features/managing-endpoint-identity-groups.md): How to bring Cisco ISE's existing groups under managed administration, create new groups from the platform, rename them, and disconnect cleanly. - [Managing endpoints](https://wiki.netgraph-connect.com/docs/endpoint-manager/features/managing-endpoints.md): Add, edit, move, and delete endpoints in a managed group. Read live session data — NAS, port, VLAN, session duration, data usage — straight from Cisco ISE. - [Managing Self-Service Users](https://wiki.netgraph-connect.com/docs/endpoint-manager/features/managing-self-service-users.md): Invite, promote, and revoke delegated administrators on a managed Endpoint Identity Group. Two roles, enrollment via email or SAML, per-group scope throughout. - [Webhooks](https://wiki.netgraph-connect.com/docs/endpoint-manager/integrations/webhooks.md): One event — ise.configuration.audit — fires for every configuration change inside an Endpoint Manager Context. Subscribe to forward changes to your SIEM, Slack, or change-management pipeline. - [Endpoint Manager for Cisco ISE overview](https://wiki.netgraph-connect.com/docs/endpoint-manager/overview.md): Hand out day-to-day endpoint administration in your Cisco ISE — per group, to the people who actually own those endpoints — without giving anyone an ISE login. - [Endpoint Manager quickstart](https://wiki.netgraph-connect.com/docs/endpoint-manager/quickstart.md): From zero to one Endpoint Identity Group — connected to your Cisco ISE, with its Group Administrator invited to the Self-Service portal and the first endpoint added. About 25 minutes. - [2. Connect Endpoint Manager](https://wiki.netgraph-connect.com/docs/endpoint-manager/setup/cisco-ise-connection.md): One-time setup: enable three ISE APIs, mint an API user, paste Base URL / Username / Password into API Configuration. Every Context goes through this once. - [1. Prepare Cisco ISE](https://wiki.netgraph-connect.com/docs/endpoint-manager/setup/prepare-cisco-ise.md): ISE-side configuration before connecting Endpoint Manager: enable ERS, Open API and the API Gateway; create a dedicated API admin user; define Endpoint Custom Attributes. - [Endpoint Manager troubleshooting](https://wiki.netgraph-connect.com/docs/endpoint-manager/troubleshooting/endpoint-manager-diagnostics.md): Symptom-driven walkthrough of the common ways Endpoint Manager ends up stuck — API Configuration failing, groups refusing to connect, endpoints not appearing, CoA returning no session. - [API reference](https://wiki.netgraph-connect.com/docs/entrypoint/api-reference/_placeholder.md): EntryPoint doesn't expose a public API today. - [Attribute Profiles](https://wiki.netgraph-connect.com/docs/entrypoint/concepts/attribute-profiles.md): Named bundles of RADIUS return attributes — VLAN, SGT, tunnel attributes — reused across Groups. - [Comparing variants](https://wiki.netgraph-connect.com/docs/entrypoint/concepts/comparing-variants.md): A side-by-side matrix of the four EntryPoint variants — EAP-PEAP, EAP-TLS with Microsoft Entra ID, iPSK, and Radius Proxy — so you can pick the right one for each audience. - [EntryPoint Context](https://wiki.netgraph-connect.com/docs/entrypoint/concepts/entrypoint-context.md): A Context is one instance of EntryPoint inside an Organization. It owns the RADIUS endpoint, the Groups, and the access policy. - [Webhooks](https://wiki.netgraph-connect.com/docs/entrypoint/integrations/webhooks.md): Subscribe to EntryPoint configuration-audit events at Organization or Context scope. The only event EntryPoint exposes today is entrypoint.configuration.audit. - [EntryPoint overview](https://wiki.netgraph-connect.com/docs/entrypoint/overview.md): RADIUS-as-a-Service for four distinct access scenarios — contractor Wi-Fi on EAP-PEAP, managed-device fleets on EAP-TLS with Microsoft Entra ID, IoT on per-Group iPSK for Cisco networks, and eduroam-style roaming via Radius Proxy. One Context, one variant, one audience. - [EntryPoint quickstart](https://wiki.netgraph-connect.com/docs/entrypoint/quickstart.md): Create your first EntryPoint Context, enable 802.1X-PEAP, and authenticate a test device. - [Creating an EntryPoint Context](https://wiki.netgraph-connect.com/docs/entrypoint/setup/creating-a-context.md): The Create RADIUSaaS Context wizard — variant picker, name and description, and where you land afterwards. - [Entra connection](https://wiki.netgraph-connect.com/docs/entrypoint/setup/entra-connection.md): Connect an EntryPoint Context to a Microsoft Entra ID tenant. Required for EAP-TLS; optional (but often useful) for EAP-PEAP. Sets up the Graph-API credentials EntryPoint uses on every authentication. - [RADIUS clients](https://wiki.netgraph-connect.com/docs/entrypoint/setup/radius-clients.md): Point your network equipment at the EntryPoint Context: hostname, ports, per-Context shared secret, and the CIDR allow-list. - [Trusted certificates](https://wiki.netgraph-connect.com/docs/entrypoint/setup/trusted-certificates.md): Upload trusted CA certificates so EntryPoint can validate the client certificates presented in EAP-TLS authentication. - [EntryPoint diagnostics](https://wiki.netgraph-connect.com/docs/entrypoint/troubleshooting/entrypoint-diagnostics.md): Why an EntryPoint authentication failed — a structured walk through the common causes. Start from the symptom, narrow by variant. Covers EAP-PEAP, EAP-TLS with Microsoft Entra ID, iPSK, and Radius Proxy. - [Combining with EAP-PEAP](https://wiki.netgraph-connect.com/docs/entrypoint/variants/eap-tls-entra/combining-with-eap-peap.md): Run EAP-TLS and EAP-PEAP on the same Context for the mixed fleet a typical Organization has — employees on certificates, contractors on passwords, headless gear on MAB inside the Device-Cert Groups. - [Device certificates and Intune](https://wiki.netgraph-connect.com/docs/entrypoint/variants/eap-tls-entra/device-certificates-and-intune.md): The EAP-TLS Group type where the certificate identifies a device. Pair with Device Compliance Check to enforce Intune posture at the RADIUS layer. Hosts the MAB Device List fallback for headless gear on the same Group. - [Entra group mapping](https://wiki.netgraph-connect.com/docs/entrypoint/variants/eap-tls-entra/entra-group-mapping.md): One EntryPoint Group corresponds to one Microsoft Entra group. How the mapping is captured, how authentication resolves it, and how changes on the Entra side propagate. - [MAB fallback inside Device-Cert Groups](https://wiki.netgraph-connect.com/docs/entrypoint/variants/eap-tls-entra/mab-fallback-inside-device-cert.md): MAC Authentication Bypass appears as a MAB Device List tab on every Dot1x Group; Device-Cert Groups are the most common home for it. Listed MACs authenticate by MAC and inherit the Group's Attribute Profile alongside certificate- or PEAP-authenticated devices. - [EAP-TLS with Microsoft Entra ID overview](https://wiki.netgraph-connect.com/docs/entrypoint/variants/eap-tls-entra/overview.md): Certificate-based 802.1X for managed corporate devices, with Groups mirrored from Microsoft Entra ID. Pair with Device Compliance Check to gate access on Intune posture. No passwords on the wire, no per-user account management, no Self-Service portal — just Entra groups and certificates. - [Setup EAP-TLS with device certificate](https://wiki.netgraph-connect.com/docs/entrypoint/variants/eap-tls-entra/setup-with-device-certificate.md): End-to-end setup guide for EntryPoint with device certificates issued by Microsoft Cloud PKI through Intune — Cloud PKI, SCEP and trusted certificate profiles, the Wi-Fi profile, the EntryPoint Context, RADIUS network integration and the device certificate Group with its Certificate Group Identifier… - [Setup with Microsoft Entra ID](https://wiki.netgraph-connect.com/docs/entrypoint/variants/eap-tls-entra/setup-with-entra-id.md): End-to-end setup guide for EntryPoint with Microsoft Entra ID — Graph API credentials and permissions, Microsoft Cloud PKI, Intune SCEP and trusted certificate profiles, the EntryPoint Context, RADIUS network integration, and Entra group mapping. - [User certificates](https://wiki.netgraph-connect.com/docs/entrypoint/variants/eap-tls-entra/user-certificates.md): The EAP-TLS Group type where the certificate identifies a person. Employees on MDM-enrolled devices authenticate with a per-user cert; the cert's bearer is matched to Entra group membership on every auth. - [Groups and shared PSK](https://wiki.netgraph-connect.com/docs/entrypoint/variants/ipsk/groups-and-shared-psk.md): Each iPSK Group carries one shared Pre-Shared Key and the MAC addresses of every device that authenticates with it. This page covers the lifecycle: create, configure, delegate, rotate, retire. - [Managing devices — bulk and single](https://wiki.netgraph-connect.com/docs/entrypoint/variants/ipsk/managing-devices-bulk-and-single.md): Add devices to an iPSK Group one MAC at a time or in bulk via CSV. Update descriptions, retire devices at end-of-life, and keep the MAB and iPSK workflows in sync across admin and Self-Service. - [iPSK for Cisco Networks overview](https://wiki.netgraph-connect.com/docs/entrypoint/variants/ipsk/overview.md): Per-Group Identity PSK on Cisco Wi-Fi, with distributed administration. Each device class gets its own Group and its own shared Pre-Shared Key; the people who actually install the fleet manage that fleet from the Self-Service portal, without ever touching Cisco or EntryPoint admin. - [Self-Service portal & roles](https://wiki.netgraph-connect.com/docs/entrypoint/variants/ipsk/self-service-portal-and-roles.md): What a delegated iPSK administrator sees — a Group-scoped workspace with device management, PSK rotation (for the PSK Administrator role), and user management (for the Self-Service User Administrator role). No Cisco or EntryPoint admin access. - [Combining with EAP-TLS & MAB](https://wiki.netgraph-connect.com/docs/entrypoint/variants/peap/combining-with-eap-tls-and-mab.md): PEAP isn't exclusive on a Context. Turn on EAP-TLS for certificate-auth'd managed devices, let MAB inside Device-Cert Groups catch the headless gear, and keep PEAP Groups for the people who need passwords. - [Groups per audience](https://wiki.netgraph-connect.com/docs/entrypoint/variants/peap/groups-per-company.md): Create one 802.1X-PEAP Group per audience — employees, a contractor firm, a vendor team, an event cohort — and attach an Attribute Profile for VLAN or Security Group Tag. Delegate day-to-day account management to the audience's lead. - [EAP-PEAP overview](https://wiki.netgraph-connect.com/docs/entrypoint/variants/peap/overview.md): Username-and-password 802.1X Wi-Fi for audiences that don't have a certificate to present — employees, contractors, students, visiting staff. Per-audience Groups with delegated Self-Service so the people who own each audience manage it, not IT. - [Self-Service & Personal PEAP Accounts](https://wiki.netgraph-connect.com/docs/entrypoint/variants/peap/self-service-and-personal-peap-accounts.md): What a PEAP Group's members actually see — their auto-generated Personal PEAP Account, per-OS setup instructions, and the Connected Devices list. Plus the two-role matrix that governs who can invite whom. - [Default Device Group](https://wiki.netgraph-connect.com/docs/entrypoint/variants/radius-proxy/default-device-group.md): The single auto-created Group on a Radius Proxy Context. Its only operational purpose is to carry an Attribute Profile so every proxied authentication gets a consistent RADIUS response to your WLAN — usually a VLAN assignment for visiting users. - [Radius Proxy for eduroam](https://wiki.netgraph-connect.com/docs/entrypoint/variants/radius-proxy/overview.md): Forward authentication and accounting to a remote RADIUS server — almost always a national eduroam federation tier. No local identities, no Self-Service portal, one Default Device Group for attribute policy. Designed for universities joining eduroam. - [RadSec (RADIUS over TLS)](https://wiki.netgraph-connect.com/docs/entrypoint/variants/radius-proxy/radsec.md): Turn on RADIUS-over-TLS for a Radius Proxy Context — the modern transport used by eduroam. Upload the federation's CA certificate, point at the RadSec port, and you're done. - [Remote Radius Server](https://wiki.netgraph-connect.com/docs/entrypoint/variants/radius-proxy/remote-radius-server.md): Configure the upstream RADIUS endpoint that a Radius Proxy Context forwards to. Hostname, ports, shared secret, and the egress FQDN you'll need to share with the upstream operator. - [Getting started](https://wiki.netgraph-connect.com/docs/getting-started.md): Onboarding for a new Organization administrator: your first sign-in, orientation, and adding your first Service. - [Introduction](https://wiki.netgraph-connect.com/docs/introduction.md): Documentation for Netgraph Connectivity Platform — cloud-native NAC/ZTNA built for guests, BYOD, and IoT. - [API reference](https://wiki.netgraph-connect.com/docs/organization/api-reference/_placeholder.md): Organization-scope settings, administrators, audit, webhooks, and SAML are managed through the Admin Portal today; there is no public API surface for these resources. - [Admin Portal vs Self-Service Portal](https://wiki.netgraph-connect.com/docs/organization/concepts/admin-portal-vs-self-service.md): Two completely separate sign-in surfaces serve two completely different audiences. The Admin Portal is for the Organization administrators who run the platform; the Self-Service Portal is for the end users they delegate work to. Each has its own authentication configuration. - [Administrator roles](https://wiki.netgraph-connect.com/docs/organization/concepts/administrator-roles.md): Every administrator on your Organization holds one or more of three roles — Organization Owner, Organization Context Manager, Organization Member — that decide what they can read, change, and manage. Pick the smallest role that gets the job done. - [Organization and Services](https://wiki.netgraph-connect.com/docs/organization/concepts/organization-and-services.md): An Organization is your top level on Netgraph Connectivity Platform. Each Service is consumed inside the Organization as one or more Service Contexts, while shared concerns like administrators, audit, webhooks, and authentication live at the Organization level itself. - [Audit Log](https://wiki.netgraph-connect.com/docs/organization/features/audit-log.md): The Audit Log records every administrative change made anywhere in your Organization — who did it, when, on what scope, and the property-level diff. It's read-only, filterable by user and timestamp, and never deleted while the Organization exists. - [Managing Administrators](https://wiki.netgraph-connect.com/docs/organization/features/managing-administrators.md): The Administrators page lists every person who can sign in to your Organization's Admin Portal, the role they hold, when they joined, whether they have MFA on, and how they were provisioned. Day-to-day work — invite, edit, resend, remove — happens here. - [Managing Service Contexts](https://wiki.netgraph-connect.com/docs/organization/features/managing-service-contexts.md): The Services page is the inventory of every Service Context inside your Organization. From here you add a new Service Context (handing off to the Service's own quickstart for configuration), open an existing Context's admin, and remove a Service Context that's no longer needed. - [Webhooks](https://wiki.netgraph-connect.com/docs/organization/integrations/webhooks.md): Webhooks at the Organization scope deliver Organization-configuration changes to a system you choose — your SIEM, a change-review workflow, an on-call channel. Configuration is shared between Event-style and Batch-style delivery, with retries, headers, and a recent-deliveries inspector. - [Organization overview](https://wiki.netgraph-connect.com/docs/organization/overview.md): An Organization is your top level on Netgraph Connectivity Platform — the umbrella that holds your Service Contexts, your administrators, your audit log, your webhooks, and the SAML federation that signs your team and your end users in. Operational work happens inside each Service Context; everythin… - [Organization quickstart](https://wiki.netgraph-connect.com/docs/organization/quickstart.md): Day-one path through your new Organization on Netgraph Connectivity Platform: orient, set Organization Settings, invite a colleague, optionally federate sign-in, add your first Service Context, and stream changes to your downstream systems. - [Admin Portal authentication](https://wiki.netgraph-connect.com/docs/organization/setup/admin-authentication.md): The Admin Portal supports two authentication methods: Form Login (default, email + password with optional MFA) and SAML 2.0. Most Organizations end up running both — SAML 2.0 for the day-to-day admins, Form Login as a break-glass safety net. - [Organization Settings](https://wiki.netgraph-connect.com/docs/organization/setup/organization-settings.md): The Organization Settings page is the configuration root for your Organization on Netgraph Connectivity Platform. It carries your Organization's name, the slugs that route SAML and Self-Service Portal traffic to you, the languages your admins can choose from, the Admin Portal access whitelist, the m… - [Self-Service Portal authentication](https://wiki.netgraph-connect.com/docs/organization/setup/self-service-authentication.md): The Self-Service Portal — used by EasyPSK residents, Sign-In Self-Service Users, conference hosts, and ISE delegated administrators — supports two authentication methods: Email Magic Link (default, passwordless) and SAML 2.0. Each Service Context decides who is granted Self-Service access; this page… - [Organization diagnostics](https://wiki.netgraph-connect.com/docs/organization/troubleshooting/organization-diagnostics.md): Common Organization-scope issues — administrators that can't sign in, SAML federations that won't authenticate, webhooks that don't deliver, audit rows that won't show up — and how to work them out. - [Glossary](https://wiki.netgraph-connect.com/docs/platform/glossary.md): Definitions for the terms used across the Netgraph Connectivity Platform documentation. - [Object hierarchy](https://wiki.netgraph-connect.com/docs/platform/hierarchy.md): Five concepts — Platform, User, Organization, Service, and Service Context — cover the Netgraph Connectivity Platform object model. - [Platform overview](https://wiki.netgraph-connect.com/docs/platform/overview.md): Netgraph Connectivity Platform is the cloud platform Organizations use to authenticate users and devices. One User account spans the whole platform; what appears in the Admin Dashboard is shaped by your permissions in the Organization you're viewing. - [Users and roles](https://wiki.netgraph-connect.com/docs/platform/users-and-roles.md): A User on Netgraph Connectivity Platform is a global identity. Role bindings determine which Organizations you can sign in to, and which surfaces you see in the Admin Dashboard of each one. - [Add emails to access policy](https://wiki.netgraph-connect.com/docs/sign-in/api-reference/access-policies/add-emails.md): Add email addresses or patterns to a Sign-In access policy. - [Access Policy](https://wiki.netgraph-connect.com/docs/sign-in/api-reference/access-policies/overview.md): API family for adding and removing email addresses or patterns on a Sign-In access policy. - [Remove emails from access policy](https://wiki.netgraph-connect.com/docs/sign-in/api-reference/access-policies/remove-emails.md): Remove emails from an access policy; optionally revoke active sessions in the same call. - [API overview](https://wiki.netgraph-connect.com/docs/sign-in/api-reference/overview.md): Programmatic access to a Sign-In Context: Username & Password users, Access Policy emails, and Whitelisting. - [Create user](https://wiki.netgraph-connect.com/docs/sign-in/api-reference/up-guests/create.md): Create a username/password user account inside a Sign-In Context. - [Delete user](https://wiki.netgraph-connect.com/docs/sign-in/api-reference/up-guests/delete.md): Revoke a username/password user. Active sessions are terminated. - [Username & Password](https://wiki.netgraph-connect.com/docs/sign-in/api-reference/up-guests/overview.md): API family for creating, updating, and revoking username/password user accounts on a Sign-In Context. - [Update user](https://wiki.netgraph-connect.com/docs/sign-in/api-reference/up-guests/update.md): Rotate the password on an existing username/password user. - [Batch-add whitelistings](https://wiki.netgraph-connect.com/docs/sign-in/api-reference/whitelistings/batch-add.md): Create many whitelist entries in a single call; optional auto-tagging. - [Batch-revoke whitelistings](https://wiki.netgraph-connect.com/docs/sign-in/api-reference/whitelistings/batch-remove.md): Remove multiple whitelist entries and terminate any active sessions. - [Create whitelisting](https://wiki.netgraph-connect.com/docs/sign-in/api-reference/whitelistings/create.md): Allow a single device MAC to bypass the Captive Portal. - [List active whitelistings](https://wiki.netgraph-connect.com/docs/sign-in/api-reference/whitelistings/list-active.md): Return MACs that currently have an active session in the Context. - [Whitelisting](https://wiki.netgraph-connect.com/docs/sign-in/api-reference/whitelistings/overview.md): API family for allow-listing device MAC addresses so they bypass the Captive Portal on a Sign-In Context. - [Update whitelisting](https://wiki.netgraph-connect.com/docs/sign-in/api-reference/whitelistings/update.md): Edit an existing whitelist entry's name, description, expiry, or tags. - [Access Policies](https://wiki.netgraph-connect.com/docs/sign-in/concepts/access-policies.md): Per-audience rulesets that decide which Sign In Modules a guest can use, what they can do in the Self-Service Portal, and how redirects behave. - [Sign-In Context](https://wiki.netgraph-connect.com/docs/sign-in/concepts/sign-in-context.md): The unit of Sign In inside an Organization: what it contains, how it's configured, and how it relates to the rest of the platform. - [Sign In Modules](https://wiki.netgraph-connect.com/docs/sign-in/concepts/sign-in-modules.md): The authentication methods available on the Sign In Captive Portal, what each is for, and how they relate to Access Policies. - [Application Visibility](https://wiki.netgraph-connect.com/docs/sign-in/features/application-visibility.md): Traffic-level insights into which applications guests use. Requires Service Gateway deployment. - [Data retention](https://wiki.netgraph-connect.com/docs/sign-in/features/data-retention.md): Control how long Sign In keeps login records, session history, and device data. Enforced per Sign-In Context. - [Device blocking](https://wiki.netgraph-connect.com/docs/sign-in/features/device-blocking.md): Block specific devices by MAC address — the opposite of whitelisting. Useful for revoking access or keeping known-bad hardware off the network. - [GDPR data search](https://wiki.netgraph-connect.com/docs/sign-in/features/gdpr-data-search.md): Search, export, or delete one individual's data across a Sign-In Context, in response to a data-subject request. - [Self-Service Portal](https://wiki.netgraph-connect.com/docs/sign-in/features/self-service-portal.md): The end-user companion to the Captive Portal — where the people your Sign-In modules grant a self-service role come back to manage the footprint they own on the network. - [Site-based redirects](https://wiki.netgraph-connect.com/docs/sign-in/features/site-based-redirects.md): Send guests to different URLs based on which venue or network they signed in from. Useful for multi-venue Organizations. - [Statistics and exports](https://wiki.netgraph-connect.com/docs/sign-in/features/statistics-and-exports.md): Dashboards and downloadable reports for login and session data, per Sign-In Context. - [Walled garden](https://wiki.netgraph-connect.com/docs/sign-in/features/walled-garden.md): Let guests reach specific URLs before they sign in. Essential for Captive Portal bypass scenarios, IdP access, and pre-auth service reachability. - [DHCP Option 114](https://wiki.netgraph-connect.com/docs/sign-in/integrations/dhcp-option-114.md): Modern captive-portal discovery via DHCP Option 114 (RFC 8910). Lets guest devices detect and open the Captive Portal automatically, without probe hacks. - [SAML IdP setup](https://wiki.netgraph-connect.com/docs/sign-in/integrations/saml-idp-setup.md): Step-by-step for wiring Microsoft Entra ID (Azure AD), Google Workspace, and Okta to Netgraph's SAML authentication — with walled-garden entries and MFA guidance for the Captive Portal. - [Webhooks](https://wiki.netgraph-connect.com/docs/sign-in/integrations/webhooks.md): Subscribe to Sign-In events at Sign-In Context or Organization scope. Deliveries batch events for efficient throughput. - [Click-to-Connect](https://wiki.netgraph-connect.com/docs/sign-in/modules/click-to-connect.md): Seamless guest WiFi with a single click. The guest confirms Terms and Conditions and is connected — no credentials, no approvals. - [Conference](https://wiki.netgraph-connect.com/docs/sign-in/modules/conference.md): Group-code sign-in for meetings and conferences. Each conference has its own code, active window, and visitor limits. - [Event Access](https://wiki.netgraph-connect.com/docs/sign-in/modules/event-access.md): A pass-through sign-in option that grants network access without verification. Useful for low-friction venues where no guest identification is needed. - [Meeting Host](https://wiki.netgraph-connect.com/docs/sign-in/modules/meeting-host.md): Visitors provide the email of an employee host; the host approves the request, and the visitor gains access. Ideal for corporate lobbies and scheduled visits. - [Password](https://wiki.netgraph-connect.com/docs/sign-in/modules/password.md): Shared passwords that guests use to sign in — either a fixed Static password or a Subscription that rotates on a set interval. Subscribers get the next password by email before each rotation. - [Quick Access](https://wiki.netgraph-connect.com/docs/sign-in/modules/quick-access.md): One-click guest sign-in. The guest accepts terms and is connected immediately. Same module as Click-to-Connect — Quick Access is the admin label, Click-to-Connect is the product name. - [RADIUS](https://wiki.netgraph-connect.com/docs/sign-in/modules/radius.md): Delegate guest authentication to an external RADIUS server — for example a library system or an Organization's visitor system. Sign In acts as the RADIUS client. - [SAML SSO](https://wiki.netgraph-connect.com/docs/sign-in/modules/saml-sso.md): BYOD sign-in for guests who already have an account with your identity provider. Uses the Organization's Self-Service IdP — which user gets through is controlled by the Sign-In Context's Access Policy. - [Self-Provisioning by Email](https://wiki.netgraph-connect.com/docs/sign-in/modules/self-provisioning-email.md): Guests register themselves with an email address and verify via a link. - [SMS](https://wiki.netgraph-connect.com/docs/sign-in/modules/sms.md): Guests register themselves with a phone number and verify via an SMS code. Useful where guests don't check email but always have their phone. - [Username & Password](https://wiki.netgraph-connect.com/docs/sign-in/modules/username-and-password.md): Individual user accounts with a username and password. Useful for returning users, staff, and long-term contractors. - [Whitelist](https://wiki.netgraph-connect.com/docs/sign-in/modules/whitelist.md): MAC-based pre-approval for headless devices that can't interact with a Captive Portal — printers, sensors, signage, IoT. - [Sign In overview](https://wiki.netgraph-connect.com/docs/sign-in/overview.md): Cloud-based guest network with a branded Captive Portal, a range of Sign In Modules, Access Policies, and Cisco-native integrations. - [Sign In quickstart](https://wiki.netgraph-connect.com/docs/sign-in/quickstart.md): Create a Sign-In Context, enable a module, and take a guest through the Captive Portal. - [Cisco Meraki](https://wiki.netgraph-connect.com/docs/sign-in/service-integration/cisco-meraki.md): Connect a Sign-In Context to Cisco Meraki. Pick a Meraki Deployment Type (MAC-based Access Control, optionally with a managed pre-shared key, or Splash Page via RADIUS Server), then mirror the exact Meraki-Dashboard steps shown inline in the Netgraph admin. - [BGP](https://wiki.netgraph-connect.com/docs/sign-in/service-integration/service-gateway/bgp.md): Optional BGP peering between Service Gateway routers and the venue's network. - [DHCP](https://wiki.netgraph-connect.com/docs/sign-in/service-integration/service-gateway/dhcp.md): Configure DHCP scopes served by your Service Gateways. Each scope is an IP range plus options handed to guest devices. - [DNS](https://wiki.netgraph-connect.com/docs/sign-in/service-integration/service-gateway/dns.md): Custom DNS entries served by your Service Gateway — for internal names, service-specific redirects, and sign-in flows. - [Gateways](https://wiki.netgraph-connect.com/docs/sign-in/service-integration/service-gateway/gateways.md): Register Service Gateway routers to this Sign-In Context, and manage the per-gateway IOS configuration template, reserved variables, and custom variables. - [IPsec](https://wiki.netgraph-connect.com/docs/sign-in/service-integration/service-gateway/ipsec.md): IPsec tunnels carry control-plane traffic between your Service Gateway routers and Netgraph. - [Service Gateway overview](https://wiki.netgraph-connect.com/docs/sign-in/service-integration/service-gateway/overview.md): Router-based deployment of Sign In on Cisco Catalyst, IOS-XE, or SD-WAN. The Service Gateway provides DHCP, DNS, IPsec, and BGP services for guest traffic. - [Languages](https://wiki.netgraph-connect.com/docs/sign-in/setup/languages.md): Sign In ships in 13 languages. Captive Portal languages are set per Sign-In Context; Self-Service Portal languages are set per Organization. - [Look & Feel](https://wiki.netgraph-connect.com/docs/sign-in/setup/look-and-feel.md): Brand the Captive Portal: logo, fonts, panel colors, button styling, and the simplified-layout toggle. - [Opening hours](https://wiki.netgraph-connect.com/docs/sign-in/setup/opening-hours.md): Restrict Captive Portal access to specific time windows — useful for venues with fixed operating hours. - [Terms and conditions](https://wiki.netgraph-connect.com/docs/sign-in/setup/terms-and-conditions.md): Present terms of service on the Captive Portal and record acceptance with each guest sign-in. - [Captive-portal detection](https://wiki.netgraph-connect.com/docs/sign-in/troubleshooting/captive-portal-detection.md): Why the Captive Portal sometimes doesn't pop up automatically — iOS Private Wi-Fi Address, MAC randomization, 802.11r roaming, and connectivity-probe quirks. - [RADIUS diagnostics](https://wiki.netgraph-connect.com/docs/sign-in/troubleshooting/radius-diagnostics.md): Diagnose Sign In's RADIUS module: unreachable backend, rejected credentials, protocol mismatch, and timeout behaviour. - [Sign In Module issues](https://wiki.netgraph-connect.com/docs/sign-in/troubleshooting/sign-in-module-issues.md): A checklist for when a module isn't working the way you expect: not appearing on the portal, verification failing, guests getting stuck mid-flow. - [Support checklist](https://wiki.netgraph-connect.com/docs/sign-in/troubleshooting/support-checklist.md): Structured triage for network-access incidents — 1st-line information gathering, categorisation, and when to escalate.