# Captive Portal

A captive portal can intercept network traffic until a user authenticates his/her connection, usually through a specifically designated login page.

Click **Configure** > **SSID > Captive Portal** to access this screen.

![](https://3893603398-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgVsoqihVR3I0VRYmyO%2Fuploads%2FtDfVtXFZnyddPBKtoD9x%2F1640158592760.jpg?alt=media\&token=98163e65-30b5-47d9-aff2-b04957f950c7)

## Authentication Type

* **Click-through**: Users must view and acknowledge your splash page before being allowed on the network.
* **EnGenius Authentication**: Users must enter a username and password before being allowed on the network. You could edit user settings through **Configure** > **Cloud RADIUS User**.
* **Custom RADIUS**: Enter the **host** (IP address of your RADIUS server, reachable from the access points), **port** (UDP port the RADIUS server listens on for access requests, 1812 by default), and **secret** (RADIUS client shared secret). Optionally,  the **Accounting Server** can be enabled on an SSID that's using WPA2-Enterprise with RADIUS authentication. 
* **Voucher Service**: Edit the access plan for guests for the front desk manager.
* **Google LDAP:**  [**https://doc.engenius.ai/cloud-white-papers/authentication-with-google-secure-ldap-server**](https://doc.engenius.ai/cloud-white-papers/authentication-with-google-secure-ldap-server)
* **Active directory:** [**https://doc.engenius.ai/cloud-white-papers/authentication-with-microsoft-active-directory-ad-server-for-wireless-users**](https://doc.engenius.ai/cloud-white-papers/authentication-with-microsoft-active-directory-ad-server-for-wireless-users)

{% hint style="info" %}
**Note:**\
When the SSID security type is set to **WPA2-Enterprise** or **WPA3-Enterprise**, **only** the **Click-through** authentication type is supported for Captive Portal.
{% endhint %}

## Redirect URL 

Configure the URL to which users will be redirected after successful login.

![](https://3893603398-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LgVsoqihVR3I0VRYmyO%2F-LmcwdHXzG_uMoDUuWI_%2F-LmcwgJ-6JD8Tb1DAH__%2F1566202556813.jpg?alt=media\&token=ff9eadc7-f670-4afc-bd49-6e00617c6a54)

**Redirect to the original URL**: Select this option to cache the initial website from the client during the authentication process and then forward it to the originally targeted web server after the user successfully authenticates.

**Redirect users to a new URL**: Select this option to redirect users to a pre-designated URL after the user successfully authenticates.

## Advanced Setting

![](https://3893603398-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LgVsoqihVR3I0VRYmyO%2F-MiL6vFEk4tl048nB2Pl%2F-MiL9GURCj9TnmUk1z1N%2F1630311859625.jpg?alt=media\&token=e9dda5f1-c8e7-42a1-82e9-b6922d0964aa)

**Session Timeout**: Specify a time limit after which users will be disconnected and required to log in again.

**Idle Timeout**: Specify a time limit for an idle client after which users will be disconnected and required to log in again.

**Walled Garden**: This option allows users to define network destinations that users can access before authenticating. For example, your company's website.

**HTTPS Login:** This option allows users to log in through HTTPS. When you enable it, your password is encrypted, so others could not retrieve your information.