Using Cloudessa with Google(R) Two-Step Verification except for WiFi

REQUIREMENT: ORGANIZATIONS USING GOOGLE APPS* AS A USER STORE AND USING GOOGLE TWO-STEP VERIFICATION, WANT USERS TO BE ABLE TO USE THEIR GOOGLE APPS PASSWORD FOR WIFI LOGIN, WITHOUT HAVING TO USE TWO-STEP VERIFICATION DURING THE WIFI LOGIN.

It is possible use Cloudessa RADIUS to authenticate users against your Google Apps domain when Google Two-Step Verification is enabled. However, users will need to have created an “Application Specific Password” for use when logging in via Cloudessa RADIUS.

If Two-Step Verification is not enabled, Cloudessa RADIUS can be used to authenticate users to the WiFi network based simply on the user presenting their Google Apps username and password during the WiFi authentication process. Cloudessa RADIUS will then authenticate the user based on the users Google Apps password.

If Two-Step Verification is enabled, and you do not want to require users to use Two-Step Verification during the WiFi authentication process, users will need to create an “Application Specific Password” to use in lieu of their regular Google Apps password during the WiFi authentication process (when authentication is being performed via Cloudessa RADIUS).

Every user that has Two-Step Verification turned on, will need to have their own Application Specific Password (ASP).

If Two-Step Verification is turned off users just can use their regular Google Apps passwords to log in via Cloudessa RADIUS.

Enabling Google Application Specific Passwords:

1. Log into your Google account and click on Account settings in top right corner of interface.

Log into your account

2. Choose Security tab in navigation menu

Choose Security tab in navigation menu

3. Click ‘Manage access’ button near the ‘Connected applications and sites’ section.

Click [Manage access] button

4. Google may ask you to verify your action. Enter your account password and click ‘Verify’.

account password

5. Once verified, you will be allowed to generate application specific password for Cloudessa.

password for Cloudessa

6. Set name field as Cloudessa and click ‘Generate password’.
NOTE: ‘Cloudessa’ is not a reserved value. You can set any value you like. As an example
‘Cloudessa logs in office WiFi’, etc.

name field

7. Google will generate ASP for you. Use it to log in Cloudessa via Google Apps.

log in Cloudessa

NOTE FOR ADMINISTRATORS. Application Specific Passwords are individual for each user. If you want to use Cloudessa RADIUS to authenticate users to your WiFi network without requiring Two-Step Verification, each user who has Two-Step Verification turned on will need to have an Application Specific Password.


*GOOGLE and Google Apps is a trademarks of Google, Inc.