Effort Underway to Modernize Network Authentication—Certificate-Based Process Coming to eduroam

Update: May 15, 2025

Northwestern IT continues to advance the Campus Data Network Authentication Deployment project. On July 22, we will introduce updated instructions for the new method to configure unmanaged or BYOD (Bring Your Own Device) devices to seamlessly authenticate to the eduroam wireless network. Users will find the instructions in the IT Knowledge Base and can follow the new configuration process to connect their personal phones, tablets, laptops, and other mobile devices to the eduroam network.

IT teams across Northwestern have begun remotely configuring all University-managed devices to apply the new authentication method and will complete the updates by fall 2025. Configuration changes for managed devices are handled similarly to the typical patching process for University devices. Users with questions about how or when their managed University-owned device will be transitioned to the new authentication method may contact the local technical support group for their school, unit, or department.

From July 22 through spring 2026, the existing and new eduroam authentication methods will continue to operate in parallel. Future updates will solidify the date when the older authentication method will be discontinued.

************************************************************************************************

Published October 14, 2024

Northwestern IT is moving forward with the Campus Data Network Authentication Deployment project, which will modernize network authentication at Northwestern and ensure all devices accessing the eduroam wireless network, as well as our other secure networks, connect through a seamless experience while prioritizing the safety of University and user data. IT teams across the University are currently testing the new authentication process, which will be rolled out to all eduroam users. The project will streamline connecting to eduroam by moving from a NetID-based sign-in process to a certificate-based model.

Transitioning to the new process will require users to follow a guided process that automatically installs a new security certificate on any personal device they plan to connect to the eduroam Wi-Fi network. The certificate installation process will automatically configure appropriate settings for each device and will prevent users from having to log back into the network after changing their password. Devices will be recognized for five years if the user continues to have an active NetID. The change will not affect the sign-in process for any University applications. University-owned devices managed by school or unit IT will automatically receive new certificates; no user-initiated steps are required for those devices.

The first phase of this project to enable the new authentication method on eduroam will run through fall 2025 when the old authentication method will be disabled. Later in FY25, work will begin enabling authentication on wired network connections in select locations.

The updated authentication process will pave the way for further security enhancements with the later establishment of role-based access control (RBAC) for users and devices signing into the network. This change will allow special access and permissions to move with users and devices connected anywhere on the University network.

Northwestern IT will continue to collaborate with campus IT partners on the project's next steps and will notify users before the deployment of the new protocols begins. Stay tuned for more information, and review the project web page for updates.