New Wi-Fi Now Available Campuswide
As of Dec. 17, 2025, the new CU Secure and CU Guest Wi-Fi networks are live in all campus buildings. eduroam is still available, but UCB Wireless and UCB Guest were discontinued. Learn how to connect to campus Wi-Fi.
About CU Secure Wi-Fi
When I click on CU Secure in my list of Wi-Fi networks, I'm prompted to log in, but authentication fails.
Due to CU Secure's certificate-based authentication method, users are not permitted to log in to the network without installing the CU Secure certificate.
To connect to CU Secure Wi-Fi, go to wifi.colorado.edu, click the Install the CU Secure Certificate button, then follow the prompts to complete installation.
Does CU Secure offer better signal strength or connection speed than UCB Wireless?
Not necessarily. In a campus environment, a user's Wi-Fi experience will be heavily dependent on both environmental factors and overall demand for network resources.
- Signal strength is typically affected by the user's distance from a Wi-Fi access point, physical obstructions between the user and the access point, and interference from neighboring Wi-Fi devices.
- Connection speeds are typically affected by the number of networks being broadcast and the number of devices that are connected to or active on a specific access point or overall network.
I'm connected to CU Secure, but my internet is really slow.
If you've been moving around the building, it's possible your device hasn't yet connected to the closest Wi-Fi access point. Once you've settled into a location, turn your Wi-Fi off and on. This should break the device's connection with the more distant access point and connect to the closest one instead.
About the CU Secure Certificate
Why do I need to install a certificate to get on campus Wi-Fi?
Downloading and installing a certificate prior to joining a Wi-Fi network is a new experience for many users, as most public and residential Wi-Fi networks are unencrypted and/or use passwords or device-specific Wi-Fi MAC addresses for authentication rather than certificates.
Those authentication methods are riskier for institutions like CU Boulder, where lost and stolen passwords expose us to data breaches, and device updates can cause Wi-Fi MAC address authentication to fail.
To avoid these issues and provide best-in-class Wi-Fi security, CU Secure relies on the certificate to:
- automatically authenticate your device onto the CU Secure Wi-Fi network
ensure your device connects to our network, rather than an imitation network designed to eavesdrop on your communications or steal passwords (an evil twin attack)
- allow your device to reliably connect to CU Secure regardless of your device's Wi-Fi MAC address or other configuration settings
Why do I need to install an app instead of just a certificate? (Android only)
Due to significant differences between each version of Android, the SecureW2 JoinNow MultiOS app is needed to accurately identify your Android version and install the correct certificate on your device. It also helps you stay registered on CU Secure after upgrading to a newer version.
To learn more, visit the vendor's SecureW2 App webpage.
Can I delete the JoinNow app once my device is set up? (Android only)
Once your Android device connects to CU Secure for the first time, the app doesn't need to be opened again. However, it's strongly recommended that you keep the app installed and active (i.e., not in deep sleep) for two reasons:
- On most versions of Android, uninstalling an application deletes the configuration data associated with it. In this case, it would delete the CU Secure certificate, preventing you from connecting to that Wi-Fi network in the future.
- If you upgrade to a new Android version or experience a connection issue that requires you to "forget" CU Secure and re-authenticate on that device, having the app installed will make the process easier.
Can CU Boulder use the certificate (most devices) or app (Android) to monitor my activities?
No. Neither the CU Secure certificate nor the SecureW2 JoinNow app allows CU Boulder to monitor or access your data.
For developer-provided disclosures, see Google Play's SecureW2 JoinNow Data Safety page.
Are administrative user rights required to install the certificate or connect to CU Secure?
No, CU Secure does not require administrative user rights to complete the certificate installation, nor does it use administrator rights to operate.
What does the onboarding client actually install on my device?
The onboarding client installs a certificate that is unique to you and/or your device, and is required to connect to the network.
What data does the certificate acquire from my laptop and transmit to your system?
The certificate allows your device to connect to CU Secure automatically after initial registration.
- For personal devices, this connection uses first name, last name, email address, IdentiKey, and the device's operating system.
- For Secure Computing devices, this connection uses only the device's serial number.
Register a University Laptop, Smartphone or Tablet
How do I register my university-purchased laptop, smartphone or tablet?
Secure Computing Devices
If your device is enrolled in Secure Computing, then it already has the CU Secure certificate installed. Learn how to identify a Secure Computing device.
Non-Secure Computing Devices
If your device isn't enrolled in Secure Computing yet, follow the instructions under "Register a Personal Laptop, Smartphone or Tablet."
How do I register a shared university laptop (e.g., lab machine, loaner laptop)?
Secure Computing Devices
If the device is enrolled in Secure Computing, then it already has the CU Secure certificate installed. Learn how to identify a Secure Computing device.
Non-Secure Computing Devices
If your device isn't enrolled in Secure Computing yet, the long-term solution is to start or continue the Secure Computing enrollment process. See Secure Computing - Information for IT Professionals.
In the short term, the devices can be allowed to connect to CU Guest Wi-Fi for one year by following these steps:
- If you haven't already, submit a Secure Computing standard exemption request for those devices.
- Once the exemption request is approved, open a ServiceNow request with this information:
- Business Service: CU Guest
- Nature of issue: Allow list
- Description: [Include the Wi-Fi MAC address of each device]
- The devices will be onboarded to CU Guest for one year, per OIT Security policy.
After one year, if your devices still aren't enrolled in Secure Computing, you'll need to renew your exemption and submit a new ServiceNow request.
Can I check to see if my Secure Computing device has the certificate?
To confirm that your Secure Computing device has the CU Secure certificate, search for the CU Secure network or profile.
Windows
- Go to Settings > Network & internet > Wi-Fi > Manage known networks.
- If you see CU Secure (Secure Computing) listed, then your device is ready to go.
Mac
- Go to Apple > System Settings > General > Device Management.
- Under the Device (Managed) heading, if you see CU Secure (Secure Computing) listed, then your device is ready to go.
Register a Personal Laptop, Smartphone or Tablet
How do I register my personal laptop, smartphone or tablet?
To register a personal or non-Secure Computing device (learn how to identify a Secure Computing device) on CU Secure Wi-Fi, you need to install the CU Secure certificate/app.
To get started, go to wifi.colorado.edu, click the Install the CU Secure Certificate button, then follow the prompts to complete the installation process.
For step-by-step instructions, view the CU Secure tutorial for your device's operating system:
While the certificate can also be installed on Chromebooks and other ChromeOS devices, the experience varies widely between devices. See the next FAQ to learn more.
The first time your device is in range of the CU Secure Wi-Fi network, you may need to toggle your Wi-Fi off and on, then select CU Secure from your list of available networks to complete the process.
Going forward, your device should automatically connect to CU Secure whenever it's in range.
Can I register my Chromebook on CU Secure?
Yes, you can install the CU Secure Wi-Fi certificate on Chromebooks and other ChromeOS devices. To install the certificate, go to wifi.colorado.edu, click the install button and follow the on-screen instructions.
If you run into difficulties, please contact the IT Service Center at 303-735-4357 or oithelp@colorado.edu.
Note: OIT support for devices running ChromeOS is limited to issues related to connecting to campus Wi-Fi, logging in to Microsoft 365 apps, and basic device troubleshooting.
The Mac tutorial says to "Always Allow" eapolclient to access the SecureW2 key in my keychain. Is that safe?
You're right to question requests to access items in your keychain. In this case, there are two reasons why it's okay to click Always Allow.
- The EAPoL client ("eapolclient") is part of macOS, not a third-party product, and is used to connect your device to secure Wi-Fi networks like CU Secure.
- You're allowing access to the SecureW2 JoinNow Any Access key only.
Please note: If you click Allow instead of Always Allow, you'll be prompted for your password every time your device connects to CU Secure until you click Always Allow.
Can I check to see if my personal or non-Secure Computing device has the certificate?
To confirm that your device has the CU Secure certificate installed, search for the CU Secure network or profile.
Windows
- Go to Settings > Network & internet > Wi-Fi > Manage known networks.
- If you see CU Secure listed, then your device is ready to go.
Mac
- Go to Apple > System Settings > General > Device Management.
- Under the User heading, if you see University of Colorado Boulder CU Secure, then your device is ready to go.
Android
- Go to Settings > Connections > Wi-Fi.
- Tap the three-dot icon on the upper right ("More options"), then tap Advanced settings > Manage networks.
- If you see CU Secure listed, then your device is ready to go.
iPhone & iPad
- Go to Settings > General > VPN & Device Management.
- Under the Configuration Profiles heading, if you see University of Colorado Boulder CU Secure MobileConfig, then your device is ready to go.
Register a Specialty Wi-Fi Device
Can I register my Wi-Fi printer, gaming system or smart device on CU Secure?
No, specialty Wi-Fi devices must be registered on CU Guest Wi-Fi. Learn how to register a specialty Wi-Fi device.
Note: CU Boulder's Wi-Fi networks don't support wireless printing. Learn about campus printing options.
I manage several business-critical Wi-Fi devices (e.g., QR code scanners, temperature sensors). How do I add them to campus Wi-Fi?
These devices must be registered on CU Guest Wi-Fi, not CU Secure. Learn how to register a business-critical Wi-Fi device.
Re-register a Personal Device
Why do I need to re-register my personal devices every two years?
Unlike a home network, a campus's Wi-Fi environment is highly complex and dynamic, with users constantly joining and leaving the network across a wide area. To enhance security and manage network resources for thousands of users and devices, it's critical for universities to regularly prompt users to verify their identities.
That said, CU Secure's two-year registration period is twice as long as that of UCB Wireless. A longer re-registration period is possible because CU Secure's newer, more secure protocol can support longer Wi-Fi sessions without sacrificing security.
I connect to CU Secure with several devices. Do I need to re-register each one?
Yes. When each device's certificate is within 25 days of expiration, you'll receive an email notification specifying the device that needs to be re-registered.
Remove the CU Secure Certificate
How do I remove CU Secure from my personal device?
See CU Secure Wi-Fi - Troubleshooting for step-by-step instructions.
