Skip to main content
This guide provides the practical steps for setting up a new Captive Portal, from configuring authentication methods to applying it to your live network.

Part 1: Configure an Auth Integration (OAuth2 Only)

If you plan to use an OAuth2 strategy (e.g., “Login with Google”), you must first configure the Identity Provider (IDP) as a reusable Auth Integration. If you are only using the Coupon strategy, you can skip to Part 2.
1

1. Create a New Auth Integration

In the SDX dashboard, navigate to Connectivity → Captive Portal and select the Auth Integrations tab. Click + Add.
2

2. Configure the Provider Details

  1. Give the integration a descriptive Name (e.g., “Corporate Azure AD”).
  2. Select the Type (Google, Azure, or GitHub).
  3. Enter the credentials obtained from your identity provider’s developer console:
    Client ID
    string
    required
    The public identifier for your application.
    Client Secret
    string
    required
    The secret key for your application. This is sensitive information.
    Tenant ID
    string
    Required only for Azure AD, specifying your organization’s directory.
When creating your application in the IDP’s console (e.g., Google Cloud, Azure Portal), you must add https://auth.altostrat.app/callback as an Authorized Redirect URI. This is a critical step for the authentication flow to work.
3

3. Save and Test

Click Save. A Test URL will be generated. Use this to verify that the authentication flow is working correctly before applying it to a live portal.

Part 2: Create and Configure the Portal Instance

This is the main workflow for creating and customizing your guest network’s login page.
1

1. Create the Portal Instance

Navigate to the Instances tab and click + Add.
  1. Name: Provide a name for your portal (e.g., “Main Office Guest WiFi”).
  2. Authentication Strategy: Choose OAuth2 or Coupon.
  3. Session TTL: Set the duration a user’s session remains active after they log in. This can range from 20 minutes (1200 seconds) to 7 days (604800 seconds).
  4. Auth Integration: If you chose OAuth2, select the integration you configured in Part 1.
  5. Click Create.
2

2. Customize Branding and Appearance

Once the instance is created, click on it to open the editor.
Upload a Logo and a browser Icon (favicon) to represent your brand on the login page.
Customize the look and feel of your portal. All color values must be in hex format (e.g., #0396d5).
  • Accent Text: Color for text on buttons.
  • Accent Color: Primary color for buttons and links.
  • Text Color: Main text color.
  • Secondary Text Color: Lighter text for subtitles.
  • Background Color: Page background.
  • Box Color: Background of the main login container.
  • Border Color: Color for input fields and container borders.
Enter the terms and conditions that users must agree to before connecting. You can use Markdown for basic formatting. Leave this blank to disable the terms of service checkbox.
3

3. Apply the Portal to a Site

The final step is to activate the portal on your network.
  1. In the instance editor, go to the Sites tab.
  2. Click Add Site.
  3. Select the Site where you want to enable the portal.
  4. Specify the Subnet(s) on that site’s network that should be managed by the portal (e.g., your guest VLAN’s subnet, like 192.168.88.0/24).
  5. Click Save.
Altostrat will now orchestrate the necessary firewall and redirect rules on your MikroTik device. New users connecting to the specified subnet will be automatically redirected to your captive portal.

Part 3: Managing Coupon Authentication

If you chose the Coupon strategy for your instance, you can generate access codes in two ways.

On-Demand Coupons

For immediate, manual distribution.
  1. Navigate to your coupon-based instance.
  2. Go to the Coupons tab and click Generate Coupons.
  3. Specify the Count (how many to create, max 200 at a time) and how long they should be Valid For.
  4. The generated codes will be displayed and can be distributed to guests.

Scheduled Coupon Generation

For automated, recurring generation.
  1. Navigate to your instance and go to the Coupon Schedules tab.
  2. Click Add Schedule.
  3. Configure the schedule to automatically generate a batch of coupons on a Daily, Weekly, or Monthly basis (e.g., “Generate 50 new 8-hour coupons every day at 8 AM”).
  4. Select a Notification Group to receive an email with a link to the generated coupons.

Part 4: Monitoring and User Management

From the main site overview page, navigate to the Captive Portal Users tab to see a list of all users who are currently active or have previously connected through the portal at that site. From here, you can:
  • View session details like IP address, MAC address, and session expiration.
  • Manually disconnect an active user session if needed.