We’ve built an 802.1X platform that authenticates clients via external Identity Providers (Google, Azure, etc.) using OIDC to provision user accounts. Users enroll on a self-service page, complete the OIDC flow, and generate a username/password to authenticate. We continuously use the refresh token to re-verify users.

Why did we build this? Many RADIUS services push EAP-TLS, which is great but requires PKI and an MDM for policy deployment. Username/password options either require admins to manually provision accounts or rely on LDAPs (typically for on-prem AD and NPS).

Additionally, most VPN vendors charge extra for MFA, which means paying for it on top of everything else. We wanted a single solution for authenticating both Wi-Fi and VPN users with MFA, using the same credentials.

As someone who transitioned from IT to software development, I saw a gap in the market for customers who can’t deploy EAP-TLS but still need strong network access control. This is especially common in environments like education, where you can’t control every device.

I’d love feedback! Feel free to reach out via email at kiern@leilani.dev or text me at (518) 360-0649.
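
The refresh-token re-verification described above, sketched as an added example (not the platform's own code): it applies one OAuth 2.0 refresh-grant reply to a locally stored network account, separating a revoked grant from an unreachable IdP. The account fields, the decision names and the grace window are assumptions made for illustration.

```python
# Added example: apply one refresh-grant result to a locally stored 802.1X
# account. Field names, decision names and GRACE_SECONDS are assumptions.
GRACE_SECONDS = 4 * 3600  # assumed: how long an unverifiable account stays usable


def apply_refresh_result(account, status, body, now):
    """Update `account` in place from a token-endpoint reply; return the decision.

    status: HTTP status of the refresh grant, or None if the IdP was unreachable.
    body:   parsed JSON reply (dict), possibly empty.
    now:    current time in seconds.
    """
    if status == 200 and "access_token" in body:
        # The IdP still honours the grant, so the identity is still valid there.
        account["last_verified"] = now
        account["enabled"] = True  # undo a staleness-only disable
        # With refresh-token rotation the old token is dead; store the new one.
        account["refresh_token"] = body.get("refresh_token", account["refresh_token"])
        return "verified"
    if status == 400 and body.get("error") == "invalid_grant":
        # RFC 6749 section 5.2: the grant is invalid, expired or revoked.
        # Fail closed and require the user to enroll again.
        account["enabled"] = False
        account["refresh_token"] = None
        return "disabled"
    # Anything else (5xx, timeout, invalid_client from our own misconfiguration)
    # says nothing about the user. Tolerate it briefly, then fail closed.
    if now - account["last_verified"] > GRACE_SECONDS:
        account["enabled"] = False
        return "disabled_stale"
    return "grace"


def demo():
    # Constructed account and constructed token-endpoint replies.
    acct = {"username": "alice", "enabled": True,
            "refresh_token": "rt-1", "last_verified": 0}
    replies = [
        (200, {"access_token": "at", "refresh_token": "rt-2"}, 100),
        (503, {}, 200),                          # IdP outage, inside the window
        (None, {}, 100 + GRACE_SECONDS + 1),     # still unreachable, window passed
    ]
    return [apply_refresh_result(acct, s, b, t) for s, b, t in replies], acct


if __name__ == "__main__":
    print(demo())
```

A RADIUS backend following this policy would reject authentication for any account whose `enabled` flag is false, so a user removed or suspended at the IdP loses Wi-Fi and VPN access at the next refresh attempt.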