Skip to content

Create a hotspot

Create a secured hotspot that forces devices to authenticate before they're allowed to access the internet.


In many countries, operating a public hotspot is subject to specific national laws, restricting access to websites of legally questionable content, for example, file-sharing sites or extremist websites. Legal regulations may require you to register your hotspot with the national regulatory body.

Enable hotspot

Turning an access point into a hotspot allows you to provide time and traffic restricted internet access to guests. To turn your access point into a hotspot, do as follows:

  1. Go to My Products > Wireless > SSID.
  2. Click an existing SSID.
  3. Go to Advanced Settings > Captive Portal and click Enable hotspot.
  4. Enter the Landing page details:

    • Page title: Set the title of the captive portal page seen in the browser.
    • Welcome text: Set the welcome message seen on the captive portal page.
    • Terms of service: Set the terms of service that users must agree to before accessing the network.


    You can customize the hotspot using the template drop-down menu at the top of the page. When selecting a custom template you can upload a company logo, and change background color. See Customize hotspot.

  5. Select an authentication type to define how users can access the hotspot. Choose from the following:

    • None: No authentication.
    • Backend authentication: Allows authentication via a RADIUS server with Password Authentication Protocol (PAP). You must configure the following options:

      • RADIUS server IP: The IP address of the RADIUS server.
      • RADIUS port: The port to use when connecting to the RADIUS server. Default is 1812.
      • Shared secret: The shared secret to use when connecting to the RADIUS server.
    • Password schedule: Creates a new password automatically on a fixed schedule. You must configure the following options:

      • Schedule: Sets the frequency at which the access point creates a new password. Choose from the following options:

        • daily: Set the time the access point creates a new password each day.
        • weekly: Set the day of the week and time of day that the access point creates a new password.
        • monthly: Set the week of the month, day of the week, and time of day that the access point creates a new password.
      • Timezone: Choose the timezone for the hotspot from the drop-down menu.

      • Notify all admins: Select to notify all Sophos Central admins of the password change.
      • Other users: Enter the email addresses you want to send the password to.
    • Social login: Allows authentication via social media accounts. You can configure the following options:

      • Google: Selecting Enable allows users to sign in with their Google credentials.

        You'll need your organization's Google Client ID and Client secret. You can get your Google Client ID and Client Secret from the Google Developer Console by logging in using your organization's account. Create a New Project from the Credentials section, then get the Client ID and Client Secret.

      • Facebook: Select Enable to allow users to sign in with their Facebook credentials.

        You'll need your Facebook App ID and App secret from the Facebook Developer Account. To get these, log in to the Facebook developer site using your organization's account and create an app from the "My Apps" section. Get the App ID and App secret from the "Settings" section.

      • Authorized domain: You can set the authorized domain for Google and Facebook.

      • Session timeout: You can set Session Timeout between 1 and 24 hours.
      • Re-login timeout: Select Enable to stop users from signing into the network for 24 hours after they authenticate for the first time.
    • Voucher: Use printable vouchers with time limits for authentication.


      You must save the SSID settings after choosing voucher as the authentication type before you can create new vouchers. The next time you edit the SSID, the Create voucher button is avsailable. See Create a voucher.

  6. Choose the Redirect URL from the following options:

    • Redirect to original URL: Redirects users to the website they originally wanted to reach after authentication.
    • Custom URL: Redirects users to a specific website after authentication. Enter the URL in the Custom URL field.
  7. Save your settings. The hotspot is available after Sophos Central updates the access point.