We often need mbox to use an external user database for Single-Sign-On purposes. There are a few ways for mbox to make use of external databases:
- API integration with external CRM/PMS system.
- Social media integration.
- Proxy to external RADIUS server
- Integration with external AD/LDAP servers
- POS server/machine integration for voucher management
API integration with external CRM/HMS system. This integration is typically supported at the captive portal level. This type of API integration is usually customized together with the landing pages; however, it's possible to integrate with mbox RADIUS for user access accounting. For example, the HotSpot controller/captive portal is built with API code to communicate directly with an external membership server.
- When users enter their credentials at the landing page, the credentials are forwarded to the external API server for authentication via an encrypted SSL tunnel (as defined in the API).
- The API server returns an Access-Reject/Accept code to the landing page, which then informs the hotspot access controller to permit/deny user access.
- The access controller starts adding user accounting records to the RADIUS database (login name, IP address, MAC address, login time, logout time, duration of stay, total data download, etc.)
API integration is usually available as a chargeable customization service, upon request.
Social media integration. This is similar to API integration, but with some well-known social media sites, using standard OpenAPI technology. More details can be found here.
Proxy to external RADIUS server. This uses standard RADIUS proxying for mbox RADIUS to communicate with upstream RADIUS servers, where the user accounts are hosted. mbox RADIUS can proxy to multiple upstream RADIUS servers, and it uses "realms", which are username prefixes/suffixes, to identify which upstream RADIUS server to forward to. In this setup, mbox doesn't host any user accounts, but it keeps all user session accounting records. Do note that mbox RADIUS can authenticate both captive portal users and WPA2/dot1x users (the wireless controller will be a RADIUS client to mbox RADIUS).
Example below is a Wireless@SG configuration for mbox to forward to upstream ISP RADIUS server (where user accounts are hosted).
Related configuration on RADIUS proxy configuration (realms):

    !
    security radius-server
    !below are RADIUS clients
    client 127.0.0.1 key testing123 name customer-HSG
    client 172.16.0.34 key XXxxxx name customer-WLC034
    client 172.16.16.26 key XXxxxx name customer-WLC26
    !below are upstream RADIUS servers
    realm isp1 @ suffix nostrip <externalradiusip> <radiuskey>
    realm isp2 @ suffix nostrip <externalradiusip> <radiuskey>
    realm wlan.mnc001.mcc525.3gppnetwork.org @ suffix nostrip <externalradiusip> <radiuskey>
    data-lifetime 30
    start
    !
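The realm lookup described above, together with a shared-secret check on the RADIUS clients, as an added Python example (not mbox's own code). It assumes the field order visible in the configuration above (`realm <name> <delimiter> suffix <strip|nostrip> <server> <key>`); the `strip` keyword, the function names, the 192.0.2.x addresses and the long keys are assumptions constructed for illustration.

```python
# Constructed sample in the syntax shown above; addresses and keys are placeholders.
SAMPLE_CONFIG = """\
security radius-server
!below are RADIUS clients
client 127.0.0.1 key testing123 name customer-HSG
client 172.16.0.34 key constructed-long-shared-secret-01 name customer-WLC034
!below are upstream RADIUS servers
realm isp1 @ suffix nostrip 192.0.2.10 constructed-upstream-secret-0001
realm wlan.mnc001.mcc525.3gppnetwork.org @ suffix nostrip 192.0.2.30 constructed-upstream-secret-0003
data-lifetime 30
start
"""

KNOWN_DEFAULTS = {"testing123"}  # FreeRADIUS's shipped default client secret


def parse(config):
    """Return (clients, realms); field meanings are inferred from the page's sample."""
    clients, realms = [], {}
    for line in config.splitlines():
        f = line.split()
        if len(f) == 6 and f[0] == "client" and f[2] == "key" and f[4] == "name":
            clients.append({"ip": f[1], "key": f[3], "name": f[5]})
        elif len(f) == 7 and f[0] == "realm" and f[3] == "suffix":
            realms[f[1].lower()] = {"delim": f[2], "strip": f[4] != "nostrip",
                                    "server": f[5], "key": f[6]}
    return clients, realms


def route(username, realms):
    """Return (upstream_server, forwarded_username), or None if no realm matches."""
    for name, r in realms.items():
        user, sep, realm = username.rpartition(r["delim"])
        if sep and user and realm.lower() == name:
            # nostrip: the upstream server receives the full user@realm string
            return r["server"], (user if r["strip"] else username)
    return None  # mbox hosts no accounts in this setup, so there is nowhere to forward


def weak_clients(clients, min_len=16):
    """Client names whose secret is a known default or under 16 octets (RFC 2865)."""
    return [c["name"] for c in clients
            if c["key"] in KNOWN_DEFAULTS or len(c["key"]) < min_len]


if __name__ == "__main__":
    clients, realms = parse(SAMPLE_CONFIG)
    print(route("alice@isp1", realms))
    print("weak shared secrets:", weak_clients(clients))
```

Running the same check against a production configuration before deployment catches a client entry that still carries a default or short shared secret.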
Integration with external AD/LDAP servers. This is similar to RADIUS proxy, but uses the LDAP protocol to communicate with upstream AD/LDAP servers, where user accounts are hosted. Typically, the AD servers are hosted internally within the company network.
Integration with POS system for voucher management. Many F&B outlets today offer free Wi-Fi to attract more customers, but the biggest challenge is to ensure the users are real customers who have made purchases from the outlets (instead of people nearby or those who simply sit down there to enjoy free Wi-Fi). mbox has developed an open API for an external POS server to communicate and sync the invoice no. with mbox passcodes for voucher management. By integrating with the POS server, a passcode is printed on the receipt as a voucher to log in to Wi-Fi each time a user makes a purchase. The passcode is unique (e.g. invoice no.) to make sure it can't be re-used, and it's only valid for a limited duration (e.g. 1 hour). This makes sure users do not hog the seats, and if they do need to stay, they will buy another drink from the outlet. Indirectly, it also helps to drive up potential sales for the venue owners.
POS system integration is available as a chargeable customization service, upon request.
Integration with payment gateway. HSG can integrate with a 3rd-party payment gateway such as 2checkout.com, which allows users to self-register with a given login ID (usually the email); they can then purchase a Wi-Fi usage plan using their credit cards. Please see attached video for an illustration.