{{ $t('productDocDetail.updateTime') }}: 2025-12-29

 Due to this WeChat developer only has a Chinese version, so the screenshot will be in Chinese characters.

Configuration Example: A customer has an intranet segment 192.168.3.0/24 dedicated to authenticating users using WeChat or QR codes. A mobile user can follow the WeChat public account by tapping or scanning and be authenticated for Internet access. When a PC user accesses the Internet, a QR code is displayed. To access the Internet, the PC user must use a mobile phone that has been authenticated to scan the QR code. After being authenticated, the users are not added to the local organization structure of the IAG and can access the Internet based on the permissions assigned to the Limited Group.

The configuration procedure is as follows:

1. Apply for a WeChat public account and enable the developer mode on the WeChat public platform. (If OPENIDs are not used as usernames to access the Internet through scanning, you do not need to enable the developer mode.)

2. Navigate to Access Mgt > Authentication > Web Authentication > Auth Server and add the WeChat authentication server and QR code authentication server.
3. Choose Access Mgt > Authentication > Web Authentication > Authentication Policy [LCH353]and set an authentication policy for the network segment 192.168.3.0/24[A354].
4. Demonstrate WeChat authentication through tapping or scanning.
5. Demonstrate QR code authentication. The configuration procedure is as follows:

Step 1.Apply for a public account on the WeChat public platform and enable the developer mode.

We recommend that you apply for a service account on the platform and get certified by the platform. Then, you can adopt both the tapping and scanning means for a good user experience.

Access https://mp.weixin.qq.com/, click the registration link in the upper-right corner, and follow the instructions to select an account, enter the related information, and upload the required materials to complete registration.

Step 2.Add WeChat-based authentication server in the Access Mgt > Authentication > Web Authentication > Auth Server.

Select Enable and Connect to Wi-Fi via WeChat:

To use the third-party service platform of WeChat, configure Third-Party Service Platform Connection Options. For sample codes and description documents, download Third-Party Service Platform-Developer Documentation from the interface.

Select Connect to Wi-Fi via WeChat[355]:

1. Apply on the WeChat public platform to enable the function of connecting to Wi-Fi via WeChat:

2. Create a new shop.
3. Add a new device.

The names of the network and Wi-Fi should be consistent

4. Obtain SSID and other information.[356]

5. Configure the Connect to Wi-Fi via WeChat policy.

Step 3.Navigate to Access Mgt > Authentication > Web Authentication > Auth Server and add the QR code authentication server.

Authenticator: In this example, select All Users, which are all the authenticated users. This means that a mobile phone of an authenticated user can be used to scan a QR code to implement authentication. To assign the approving permission only to specified groups and users, click and select them in the organization structure.

User validation: Show captive portal and user information is selected, and the approver scans the QR code for authentication. Then the mobile phone of the approver displays a page prompting for information about Internet access users.

If Not show captive portal and log in as authenticator is selected, users access the Internet as the approver and have the permission of the approver. In this case, the approver must be a public account.

Step 4.Choose User Authentication > Authentication Policy and add an authentication policy. Setting the objects:

Set Authentication Method to Password-based and WeChat Server to QR Code Server.

Action: Users authenticated using WeChat or QR codes are not local users or domain users. Select the /Visitor/ group. Then, authenticated visitors can access the Internet based on the permissions assigned to the group.

The visitors authenticated using WeChat or a QR code are not added to the organization structure on the IAG. Therefore, do not select Add Non-Local/Domain Users To Group.

Step 5.Demonstrate WeChat authentication.

1. A customer connects to a hotspot in a store. The web browser displays the portal page, instructing the customer to start WeChat.

2. The customer starts WeChat and follows the WeChat public account of the store.
3. The customer can use the following methods to access the Internet:

Method 1: Tap Access Internet on the WeChat public account page. WeChat displays the Internet access message, which can be customized at Access Mgt > Authentication > Web Authentication > Custom Webpage.

Method 2: Send the specified letter w (not case-sensitive). WeChat returns the Internet access message.[A357]

User authentication through scanning:

1. A customer enters a store and sees a poster introducing WeChat authentication for Internet access and a WeChat QR code. The customer connects to a hotspot.

2. The customer starts WeChat and scans the QR code. The page for following the WeChat public account of the store is displayed.
3. The customer follows the account and taps Allow Access Internet. The user is authenticated and can access the Internet. The username displayed in the online user list of the IAG is an OPENID of the WeChat user.

[358]

Step 6.Demonstrate QR code authentication.

A customer enters a store and connects to a hotspot using a PC or tablet PC. The customer opens a web browser, and it displays the authentication page. The customer selects QR Code Authentication.

Use a mobile phone that has been authenticated to scan the QR code with WeChat. The PC displays the Authentication success message. Then, the customer can access the Internet.