We’ve built an 802.1X platform that authenticates clients via external Identity Providers (Google, Azure, etc.) using OIDC to provision user accounts. Users enroll on a self-service page, complete the OIDC flow, and generate a username/password to authenticate. We continuously use the refresh token to re-verify users.
Why did we build this? Many RADIUS services push EAP-TLS, which is great but requires PKI and an MDM for policy deployment. Username/password options either require admins to manually provision accounts or rely on LDAPs (typically for on-prem AD and NPS).
Additionally, most VPN vendors charge extra for MFA, which means paying for it on top of everything else. We wanted a single solution for authenticating both Wi-Fi and VPN users with MFA, using the same credentials.
As someone who transitioned from IT to software development, I saw a gap in the market for customers who can’t deploy EAP-TLS but still need strong network access control. This is especially common in environments like education, where you can’t control every device.
I’d love feedback! Feel free to reach out via email at kiern@leilani.dev or text me at (518) 360-0649.
