Skip to main content

Documentation Index

Fetch the complete documentation index at: https://altostrat.io/docs/llms.txt

Use this file to discover all available pages before exploring further.

Captive portals let you control guest access on selected site subnets. A user connects to the guest network, reaches the portal, authenticates with OAuth2 or a coupon, and receives temporary access according to the portal session settings. Use captive portals for guest Wi-Fi, hospitality access, event access, shared workspaces, or any site where temporary internet access needs to be governed and auditable.

Core Concepts

Instance

The portal configuration: name, strategy, session lifetime, theme, terms text, linked sites, and subnets.

Auth integration

A reusable OAuth2 identity provider configuration. SDX supports Google, GitHub, and Azure-style integrations, with Azure requiring a tenant value.

Coupon

A generated access code for guest sessions. Coupons can be created on demand or through schedules for repeatable access operations.

Authentication Strategies

StrategyBest forRequirements
OAuth2Corporate guest access, accountable visitor access, identity-backed accessAuth integration, client ID, client secret, and tenant for Azure
CouponHospitality, events, front-desk distribution, temporary anonymous accessCoupon generation process and validity period
OAuth2 is strongest when you need to know who authenticated. Coupon access is strongest when staff need a simple code-based workflow that can be generated, shared, and expired.

Session Lifetimes

A portal session has a time-to-live. The service validates session TTL values from 20 minutes to 7 days. For OAuth2 portals, the authentication window is separate from the session lifetime. Keep the auth window short enough to reduce stale login attempts while still allowing users to complete the identity-provider flow.

Sites And Subnets

You apply a captive portal instance to specific sites and subnets. Be precise:
  • Apply the portal to guest VLANs or guest-only subnets.
  • Avoid applying it to infrastructure, management, or staff networks.
  • Keep walled garden and identity-provider requirements aligned with your chosen strategy.

Next Step

Configure a captive portal

Create an auth integration, build a portal instance, apply it to a site, and generate coupons.