Creating a Hotspot 2.0 Identity Provider

The Hotspot 2.0 identity provider provides authentication, accounting and online sign-up services. There can be one or more identity providers per Hotspot 2.0 access WLAN.

To configure the HS 2.0 identity provider, you must configure the following:

Network Identifier

Follow these steps to create a Hotspot 2.0 Identity Provider - Network Identifier.

  1. Configure the following:
    1. Name: Enter a name for this network identifier profile.
    2. Description: Enter a description for the network identifier profile.
    3. PLMNs: Each record contains MCC and MNC.

      MCC: Set the correct country code for the geographical location. This is required when the controller sends MAP authentication information. Type the mobile country code digits. The value is a decimal digit string with a maximum length of 3 and a minimum length of 2.

      MNC: Set the mobile network code based on the geographical location. This is required when the controller sends MAP authentication information. Type the mobile network code digits. The value is a decimal digit string with a maximum length of 3 and a minimum length of 2.

    4. Realms: List of NAI realms corresponding to service providers or other entities whose networks or services are accessible via this AP. Up to 16 NAI realm entries can be created. Each NAI realm entry can contain up to four EAP methods. You can add a realm by providing the realm Name, Encoding technique (choose between RFC-4282 and UTF-8) and EAP Methods.
    5. Home OIs: An Organization Identifier (OI) is a unique value assigned to the organization. The user can configure a maximum of 12 OI values and can adjust their order, since the AP takes only 3 OIs in the beacon.
  2. Click Next.
You have completed creating a Hotspot 2.0 Identity Provider - Network Identifier.
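
A pre-flight check for the limits listed in the steps above, as an added example that is not part of the original documentation or the controller's own code. The profile dictionary layout, the field names and the sample values are assumptions made for illustration.

```python
import re

# Limits as stated on this page for the Network Identifier profile.
MAX_REALMS, MAX_EAP_PER_REALM, MAX_OIS, BEACON_OIS = 16, 4, 12, 3
ENCODINGS = {"RFC-4282", "UTF-8"}
PLMN_DIGITS = re.compile(r"[0-9]{2,3}")  # MCC and MNC: 2 to 3 decimal digits


def validate_network_identifier(profile):
    """Return (errors, beacon_ois) for a profile dict (hypothetical layout)."""
    errors = []
    for i, plmn in enumerate(profile.get("plmns", [])):
        for field in ("mcc", "mnc"):
            if not PLMN_DIGITS.fullmatch(str(plmn.get(field, ""))):
                errors.append(f"plmns[{i}].{field}: must be 2-3 decimal digits")

    realms = profile.get("realms", [])
    if len(realms) > MAX_REALMS:
        errors.append(f"realms: {len(realms)} entries, limit is {MAX_REALMS}")
    for i, realm in enumerate(realms):
        if not realm.get("name"):
            errors.append(f"realms[{i}].name: required")
        if realm.get("encoding") not in ENCODINGS:
            errors.append(f"realms[{i}].encoding: must be RFC-4282 or UTF-8")
        if len(realm.get("eap_methods", [])) > MAX_EAP_PER_REALM:
            errors.append(f"realms[{i}].eap_methods: limit is {MAX_EAP_PER_REALM}")

    ois = profile.get("home_ois", [])
    if len(ois) > MAX_OIS:
        errors.append(f"home_ois: {len(ois)} values, limit is {MAX_OIS}")
    # Only the first three OIs, in configured order, are carried in the beacon.
    return errors, ois[:BEACON_OIS]


# Constructed sample profile (values are illustrative, not from the page).
SAMPLE = {
    "plmns": [{"mcc": "310", "mnc": "41"}, {"mcc": "3", "mnc": "0410"}],
    "realms": [
        {"name": "example.com", "encoding": "UTF-8", "eap_methods": ["EAP-TLS", "EAP-TTLS"]},
        {"name": "example.org", "encoding": "ASCII", "eap_methods": ["a", "b", "c", "d", "e"]},
    ],
    "home_ois": ["oi-1", "oi-2", "oi-3", "oi-4"],
}

if __name__ == "__main__":
    errs, beacon = validate_network_identifier(SAMPLE)
    print("\n".join(errs) or "profile OK")
    print("OIs advertised in beacon:", beacon)
```

Because only the first three OIs reach the beacon, the order of the list decides which organizations a client can match before it sends any query.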

Online Signup and Provisioning

Follow these steps to create a Hotspot 2.0 Identity Provider - Online Signup and Provisioning.

  1. Configure the following:
    1. Provisioning Options
      • Provisioning Service: The provisioning service is responsible for any subscription provisioning process in which messages are communicated between the UE and the SZ, resulting in a PPS-MO provisioned into the UE. The provisioning service supports both SOAP-XML and OMA-DM as communication protocols for the process, based on the initial request coming from the UE. The provisioning service supports sign-up, remediation and policy update flows, where the UE is provisioned with a full PPS-MO or only with internal nodes of the PPS-MO. Administrator can only set External Internal Provisioning Services, where the administrator is required to fill in the external OSU server URL.
      • Provisioning Protocol: Select communication protocols OMA-DM or SOAP-XML.
    2. Online Signup Options
      • OSU NAI Realm: This configuration is only for External Provision Service. In the case of Internal Provisioning Service, the NAI realm should be configured per authentication service, which is available during on-boarding.
      • Common Language Icon: This is the default icon presented on the device for this identity provider when the device does not find a match among the per-language icons in the table.
      • OSU Service Description: This table configures the friendly name, description and icon per language. This information is presented on the device when it receives an ANQP message that includes OSU providers. Friendly names, which are required to be part of the OSU certificate, are automatically populated in this table. If a description is also included in the OSU certificate, it is automatically populated into the table. Administrators are required to set the matching icon per language as included in the OSU certificate.
      • Whitelisted Domain: Add the domain names of the External Portal domain.
  2. Click Next.
You have completed creating a Hotspot 2.0 Identity Provider - Online Signup and Provisioning.

Authentication

Follow these steps to create a Hotspot 2.0 Identity Provider - Authentication.

  1. Configure the following:
    1. Realm: Configure the realm mapping to the authentication service.
    2. Auth Service: Map the realm to an external RADIUS server, which should be pre-configured.
    3. Dynamic VLAN ID: Type the VLAN ID.
  2. Click Next.
You have completed creating a Hotspot 2.0 Identity Provider - Authentication.

Accounting

Follow these steps to create a Hotspot 2.0 Identity Provider - Accounting.

  1. Configure the following:
    1. Realm: If the authentication's realm is set as the remote credential type, the administrator should set this realm here to the customer's external accounting server.
    2. Accounting Service: Select the accounting service.
  2. Click Next.
You have completed creating a Hotspot 2.0 Identity Provider - Accounting.

Review

Review the configuration on the page before committing the changes to the server. Click Create to create the Hotspot 2.0 Identity Provider.