Quick Start Guide

Getting Started with NetKey

Get NetKey up and running in your network environment in just a few minutes. This guide will walk you through the essential setup steps.

Introduction

NetKey is an enterprise-grade RADIUS authentication and Pre-Shared Key (PSK) management platform. It provides secure wireless access control through multiple authentication methods:

EasyPSK

Unique pre-shared keys per user with expiration, VLAN assignment, and usage tracking.

iPSK

Identity-based PSK for device authentication using MAC addresses for IoT onboarding.

802.1X / EAP

Enterprise authentication with PEAP-MSCHAPv2 and EAP-TLS support.

Quick Start

Follow these steps to get your first PSK working in under 5 minutes:

1

Sign in to NetKey

Go to app.netkey.no and sign in with your credentials. If you don't have an account, contact your administrator.

2

Configure Your Wireless Controller

Point your wireless controller or access point to the NetKey RADIUS server. Find your RADIUS server details in the dashboard:

Server Address Settings → RADIUS Clients
Auth Port 1812
Accounting Port 1813
Shared Secret Settings → RADIUS Clients
Where to find your RADIUS server

Log in to app.netkey.no, go to Settings → RADIUS Clients. Your RADIUS server hostname/IP and shared secret are displayed there.

3

Create Your First PSK

Navigate to Access → PSKs and click Create PSK:

  • Enter a name (e.g., "John's Laptop")
  • Set a secure passphrase (or generate one)
  • Optionally set an expiration date
  • Click Create
4

Connect a Device

On your device, connect to your SSID using the PSK passphrase you just created. The RADIUS server will authenticate the key and grant access.

Success!

You should see the authentication in your dashboard's Auth Logs.

Requirements

Supported Wireless Controllers

NetKey works with any RADIUS-compatible wireless infrastructure:

Cisco WLC 9800, AireOS, Meraki
Aruba Mobility Controllers, Instant
Ruckus SmartZone, Unleashed
Fortinet FortiAP, FortiGate
Ubiquiti UniFi Controller
Any RADIUS Standard RADIUS clients

Network Requirements

  • Outbound connectivity to the NetKey RADIUS server (see dashboard) on ports 1812/1813 (UDP)
  • For RadSec: Outbound connectivity on port 2083 (TCP/TLS)
  • HTTPS access to app.netkey.no and api.netkey.no

Browser Support

The NetKey dashboard supports all modern browsers:

  • Chrome 90+
  • Firefox 90+
  • Safari 14+
  • Edge 90+

Architecture Overview

NetKey consists of three main components working together to provide secure wireless authentication:

Client Device Connects to SSID
Wireless Controller Sends RADIUS request
NetKey RADIUS Validates credentials
NetKey Backend User & PSK database

Authentication Flow

  1. User connects to the wireless network with their PSK or 802.1X credentials
  2. The wireless controller sends an Access-Request to NetKey RADIUS
  3. NetKey validates the credentials against the database
  4. If valid, NetKey returns Access-Accept with optional VLAN assignment
  5. The controller grants network access to the client

Your Account

NetKey provides role-based access control. Your organization has its own isolated space with separate users, PSKs, and settings.

Account Types

Role Description Capabilities
Admin Organization administrator Manage users, PSKs, endpoints, and settings
User Regular user View their own PSK and profile
Need an account?

Contact your organization's administrator or reach out to NetKey support at support@netkey.no

Configure RADIUS Client

Your wireless controller needs to be configured as a RADIUS client to communicate with NetKey. Here's the information you'll need:

RADIUS Server Settings

Find these settings in your NetKey dashboard under Settings → RADIUS Clients

RADIUS Server See Dashboard
Authentication Port 1812
Accounting Port 1813
Shared Secret See Dashboard
Your RADIUS server details

Log in to app.netkey.no and navigate to Settings → RADIUS Clients to find your assigned RADIUS server hostname/IP and create shared secrets.

Important

Make sure your firewall allows outbound UDP traffic on ports 1812 and 1813 to your assigned RADIUS server.

Vendor-Specific Guides

See our detailed integration guides for your specific wireless platform:

Create Your First PSK

1

Navigate to PSKs

From the dashboard, go to Access → PSKs in the navigation menu.

2

Click Create PSK

Click the Create PSK button in the top right corner.

3

Fill in the Details

Descriptive name for identification
Minimum 8 characters, mix of letters/numbers/symbols
Leave empty for no expiration
Assign to a specific VLAN
4

Save and Share

Click Create to save the PSK. You can then share the passphrase with the user who will connect with it.

Test Your Connection

After configuring your wireless controller and creating a PSK, test the connection:

  1. On a device, find your configured SSID
  2. Connect using the PSK passphrase
  3. Check the NetKey dashboard → Auth Logs
  4. You should see a successful authentication entry
Troubleshooting

If authentication fails, check:

  • RADIUS shared secret matches on both sides
  • Firewall allows UDP 1812/1813 outbound
  • PSK is not expired
  • SSID is configured for MAC-RADIUS authentication

Next Steps

Now that you have basic PSK authentication working, explore these additional features:

Add Users

Create user accounts and assign PSKs

Configure VLANs

Set up dynamic VLAN assignment

Enable 802.1X

Configure enterprise authentication

API Integration

Automate with the REST API