NetNXT Logo

How to Configure JumpCloud Cloud RADIUS for Secure Office Wi-Fi Login?

January 29, 2026
2 min read
ByNetNXT

Overview

JumpCloud’s Cloud RADIUS allows users to log in to office Wi-Fi using their JumpCloud email and password, rather than a shared static PSK (Pre-Shared Key). This improves security—when an employee leaves, you simply suspend their user in JumpCloud, and their Wi-Fi access is instantly revoked.

Prerequisites

  • Public IP: The Public IP address of your office network (WAN IP) where the Access Points (APs) reside.

  • Administrator Access: To both JumpCloud and your Wireless Controller (e.g., Meraki Dashboard/UniFi Controller).

Step 1: Configure JumpCloud RADIUS Server

  1. Log in to JumpCloud Admin Portal > User Authentication > RADIUS.

  2. Click (+) to add a new RADIUS server.

  3. Name: Office Wi-Fi - HQ.

  4. RADIUS Server IP: This is usually pre-filled (e.g., radius.jumpcloud.com or radius.eu.jumpcloud.com).

  5. Shared Secret: Click Generate. Copy this—you will need it for your Access Points.

  6. RADIUS Client IPs: Click Add IP.

    • Label: HQ Gateway.

    • IP Address: Enter your office's Public WAN IP.

    • Note: Cloud RADIUS does not talk to your internal AP IP (e.g., 192.168.1.50). It talks to your Firewall's public IP.

  7. User Groups: Assign the All Users or Wi-Fi Users group. Users must be in this group to authenticate.

  8. Click Save.

Step 2: Configure Your Wireless Access Point (Example: Meraki/UniFi)

  1. Log in to your Network Controller.

  2. Navigate to Wireless > SSIDs (or Wireless Networks).

  3. Security: Select WPA2-Enterprise.

  4. RADIUS Server:

    • Host: radius.jumpcloud.com (Check your console for your specific region).

    • Port: 1812

    • Secret: Paste the Shared Secret from Step 1.

  5. Save and Deploy.

Step 3: End User Connection

  • Device: User selects the Wi-Fi network (SSID).

  • Username: Their JumpCloud Email (e.g., john@netnxt.com).

  • Password: Their JumpCloud Password.

  • Certificate Prompt: On the first connection, they may see a prompt to "Trust" the JumpCloud certificate (Radius). Click Trust/Accept.

FAQ

1) How does JumpCloud Cloud RADIUS improve Wi-Fi security over a shared password?

Cloud RADIUS replaces shared PSKs with per-user authentication. When a user is suspended in JumpCloud, their Wi-Fi access stops immediately without changing the network password.

2) What IP address should be added as the RADIUS client in JumpCloud?

You must add your office firewall’s public WAN IP. JumpCloud Cloud RADIUS communicates with this public IP, not internal access point addresses.

3) Which Wi-Fi security mode is required for JumpCloud RADIUS to work?

You must configure the SSID to use WPA2-Enterprise (or WPA3-Enterprise). This enables username and password authentication against the JumpCloud RADIUS server.

4) What credentials do users enter when connecting to Wi-Fi?

Users enter their JumpCloud email address as the username and their JumpCloud account password to authenticate to the Wi-Fi network.

5) Why do users see a certificate trust prompt on first connection?

The device prompts to trust the JumpCloud RADIUS certificate during the first connection. Users must accept it to establish secure authentication for future logins.

Was this article helpful?