Private Pre-Shared Key: Simplified Authentication

Organizations that are planning wireless LAN’s to support corporate devices, BYOD, guest access, may be struggling to find the balance between flexibility and security. Though using IEEE 802.1X is the most secure approach to Wi-Fi authentication, this method is typically only implemented for devices managed by IT. For BYOD, contractors, or guests, the IT staff may not have the access, time, or knowledge to provision certain devices. Alternatively, Pre-Shared Key’s offer organizations simplicity, however, with every device sharing the same key across an SSID, the ability to control and monitor individual devices is lost. Additionally, if the key is compromised, it must be changed on every single device that uses it which is not scalable.

Personalized Access

Aerohive's Security Suite

Private PSK - Simple and Secure 

A simple yet powerful authentication method:

  • 1000’s of unique Pre-Shared Keys per user or device within a single SSID
  • Customizable security policies per PPSK group including VLAN assignment, time of day access, bandwidth allocation, and firewall settings
  • Revoke a single key without affecting the rest of the network
  • Self-registration against AD for personal BYOD
  • Time-based key validity for guest access
Application Visibility and Control 

Provides IT with visibility and granular control over mobile applications:

  • Prioritize and control of specific applications based on user and device identity
  • DPI firewall built-in to all Aerohive Access Points to restrict usage of social, peer-to-peer, streaming and other troublesome applications
  • QoS classification engine to enhance performance of mission critical applications such as voice and video
  • Monitor application usage per user, device, SSID, and location in HiveManager’s powerful contextualized dashboards
BYOD and Guest Management 

Cloud-based ID Manager application enables simple and secure on-boarding of transient and personal devices:

  • Allow employees to sponsor guests or their own personal devices by creating accounts individually or in groups
  • Credentials can be securely delivered by SMS to any mobile device, anywhere in the world
  • Multiple secure access profiles – from short-term guests to fully-secure employee BYOD or personal devices
  • Employee approval for guest self-registration
  • Integrates existing RADIUS authentication systems to streamline deployments and meet compliance mandates
Protection Inside and Out 

With a range of protection services built into every access point, you can safely unleash mobility throughout your organization:

  • Fully stateful layer 2-7 firewall policies personalized to specific user groups or devices
  • On-board RADIUS Server, CA and AD integration to leverage existing user database
  • OS/Device classification engine enables granular policy enforcement
  • Scheduled SSID availability
  • WIPS policy for rogue detection and mitigation
  • TPM chips inside every AP encrypt precious data from physical theft
  • GRE and VPN tunneling to DMZ or remote locations
  • Comprehensive monitoring and reporting
End-to-End Security 

With a rich set of partner integrations and API’s, administrators can seamlessly extend mobile device security beyond the edge of the network:

  • MDM partnerships with AirWatch and JAMF enable secure self-enrollment of device profiles and restricted network access of non-registered devices
  • NAC integration with Impulse, Bradford, and Lightspeed to enforce device compliance


Download our documents to learn more about Aerohive's security solution!


  • PPSK Brochure
    Wi-Fi Security – More Control, Less Complexity With Private Pre-Shared Key

Solution Briefs