How to Setup a Captive Portal for BYOD Devices – Part 3

Setting up a captive portal can be an effective way to filter and manage BYOD devices. This technique is useful when a BYOD device is not managed by a domain controller, but you still want to identify the student, and apply their specific group policy.

Start by considering the following:

  • Are you performing SSL decryption on your network? If so, this may determine the method you use to identify users with the captive portal.
  • If so, do you have a plan for how you will ask BYOD device holders to install your SSL certificate?

Then, review the following prerequisites:

  • Confirm that you have per-user filtering with a defined client/group structure
  • Review your Netsweeper deployment architecture and what functionality is available to you.
    • e.: HTTPS cookie injection (used in some captive portal configurations) requires NSProxy and SSL decryption.
  • Confirm which Netsweeper authentication module you will use.
  • Confirm that Netsweeper can properly communicate with your authentication source.

Once you are comfortable with the above prerequisites, you’re ready to setup your captive portal:

  • Configure the WebAdmin to use the authentication redirect portal.
  • Configure filtering groups that will use the authentication redirect functionality.
  • Validate that filtering functionality is operating as expected.

Yup, it’s that easy, although if you do run into any hiccups, Netsweeper’s technical support team ( is more than happy to assist.