Roam if you want to

If you operate a network that offers free public access, please consider enable OpenRoaming as another way to connect. You can learn more about OpenRoaming itself here. It is hands-down the BEST way to offer fast, frictionless, free and secure Wi-Fi for users.

In an effort to accelerate global adoption of OpenRoaming, Purple is has recently started offering it as part of their free subscription tier for any business to use.

https://www.globenewswire.com/news-release/2025/11/21/3192859/0/en/Purple-s-free-initiative-to-accelerate-OpenRoaming-adoption-for-businesses.html

You can use this in one of two ways:

1. Advertise an OpenRoaming capable SSID, using Purple’s authentication servers (Purple is performing the ANP function).
2. Provision your device with an credential profile allowing it to connect to OpenRoaming networks all over the world (Purple is performing the IDP function).

Access Network Provider (ANP) setup

If you want to support OpenRoaming, here’s what you need to do:

1. Sign up for a Purple Connect account here
2. Setup a new Location
3. Add your AP MAC Addresses and model

4. View the manual and follow the instructions for ‘PurpleConnex’ (the Purple app which supports OpenRoaming)

To summarise, you need to configure:

• An SSID that supports WPA2/3 Enterprise authentication
• Hotspot 2.0 / Passpoint configuration with Purple’s NAI Realm and EAP configuration
• Purple authentication servers using RadSec
• Enable RADIUS Accounting
• Include the AP’s MAC Address as Called Station ID
• Purple’s RadSec Server Root CA certificate (this wasn’t in the HPE Aruba instructions, but necessary)

Once configured, any OpenRoaming device that is configured to use either of the below RCOIs will be able to connect!

Here is what my test SSID looks like:

Using Purple credentials to connect to an existing OpenRoaming network

If you want to provision your device using Purple as an IDP to connect to an existing OpenRoaming network, here’s what you need to do:

1. Download the PurpleConneX app on your device
2. Create and login with a free account
3. Accept the prompt to add a new network profile to your device

Your device will then automatically connect to any SSID that advertises the WBA RCOI (5A03BA).

Here is a packet capture showing a PurpleConneX provisioned device connecting to an SSID using the WBA OpenRoaming RADIUS test server.

Challenge to networking vendors

Purple have made the first move by offerring OpenRoaming for free.

I believe all cloud managed networking vendors should offer a drop-down option to enable OpenRoaming on an SSID with a hosted RadSec Proxy / ANP for no additional licensing cost.

Also Apple and Microsoft, please include device native OpenRoaming functionality as an option to use the account that is signed into the device. This is already possible with a Google account on Android.

Only when OpenRoaming is free for users, simple for administrators to deploy, and simple to use will we see the uptake of this awesome technology.