We are looking at making the experience for our laptop users more streamlined when off site, we recently merged with another College who was using AD and DirectAccess. We can use OpenVPN on our laptops to do the same thing, however 802.1x poses a problem.

We use the 802.1x option with the client so that machines will either sign into the WiFi or Ethernet (we are doing 802.1x on Ethernet as well) then login to OES. Off site there is no 802.1x network to authenticate to. I can create 2 login profiles, but then the user has to pick and I'd like to remove that if possible.

If instead of hard failing when the client can not complete a 802.1x connection, having an option to say "Attempted login if 802.1x fails" would be really welcomed, then we wouldn't need a second profile.

As I see it, best case the login succeeds as the client can actually talk to the OES servers anyway, worst case user would see either the 802.1x message or the tree/server not found message.