Core Concepts
Instance
The portal configuration: name, strategy, session lifetime, theme, terms text, linked sites, and subnets.
Auth integration
A reusable OAuth2 identity provider configuration. SDX supports Google, GitHub, and Azure-style integrations, with Azure requiring a tenant value.
Coupon
A generated access code for guest sessions. Coupons can be created on demand or through schedules for repeatable access operations.
Authentication Strategies
| Strategy | Best for | Requirements |
|---|---|---|
| OAuth2 | Corporate guest access, accountable visitor access, identity-backed access | Auth integration, client ID, client secret, and tenant for Azure |
| Coupon | Hospitality, events, front-desk distribution, temporary anonymous access | Coupon generation process and validity period |
Session Lifetimes
A portal session has a time-to-live. The service validates session TTL values from 20 minutes to 7 days. For OAuth2 portals, the authentication window is separate from the session lifetime. Keep the auth window short enough to reduce stale login attempts while still allowing users to complete the identity-provider flow.Sites And Subnets
You apply a captive portal instance to specific sites and subnets. Be precise:- Apply the portal to guest VLANs or guest-only subnets.
- Avoid applying it to infrastructure, management, or staff networks.
- Keep walled garden and identity-provider requirements aligned with your chosen strategy.
Next Step
Configure a captive portal
Create an auth integration, build a portal instance, apply it to a site, and generate coupons.