Captive Portal Guide: Everything Resellers Need to Know (2026)
A 12-location restaurant group in Southeast England switched their captive portal from email-only login to WhatsApp OTP in January 2025. Their capture rate jumped from 31% to 58% within three weeks. The technical change took 20 minutes. The revenue impact over the following quarter — from a larger email list, higher campaign engagement, and richer guest profiles — was disproportionate to the effort.
That's the captive portal in a nutshell: a piece of infrastructure that most businesses treat as an afterthought but that, when configured properly, becomes the highest-converting data capture tool in their entire marketing stack.
This guide covers every dimension of captive portals that matters to resellers. Not the networking fundamentals you'd find in a Cisco certification textbook — the business and conversion dimensions that determine whether your WiFi marketing service generates meaningful data or collects digital dust.
What a Captive Portal Actually Does
A captive portal is a web page that intercepts a guest's network connection and requires some form of interaction before granting internet access. When someone connects to a WiFi network with a captive portal enabled, their first HTTP request is redirected to the portal page instead of their intended destination.
The redirect mechanism depends on the hardware vendor:
- DNS redirection — The access point's DNS server resolves all domains to the portal IP address until the guest authenticates.
- HTTP 302 redirect — The AP intercepts the first HTTP request and returns a redirect response to the portal URL.
- ICMP redirect — Less common, used by some legacy controllers.
- Walled garden — The AP allows traffic only to whitelisted domains (the portal, payment gateways, consent pages) until authentication completes.
Modern captive portals are cloud-hosted. The portal page lives on a CDN, not on the access point itself. The AP redirects to a URL; the portal renders in the guest's browser; upon successful authentication, the portal tells the AP (via API callback or RADIUS response) to grant the device internet access.
Why this matters for resellers: cloud-hosted portals mean you can update the splash page design, change authentication methods, and modify campaigns without touching the client's hardware. You manage the portal from a dashboard. The AP is configured once and then left alone.
Authentication Methods: The Decision That Determines Everything
The authentication method you choose for a client's captive portal is the single most consequential design decision in the entire WiFi marketing deployment. It determines:
- Capture rate — The percentage of connecting guests who complete authentication
- Data quality — Whether you get a verified email, a phone number, a social profile, or nothing useful
- Legal standing — Whether the consent is compliant with GDPR, CCPA, and local privacy laws
- Campaign capability — Which marketing channels you can activate (email, SMS, WhatsApp, retargeting)
- Guest experience — How much friction the guest encounters, and whether they'll connect again
Method-by-Method Breakdown
Email Form
The most common method. A form field where the guest types their email address (and optionally their name) to gain WiFi access.
- Capture rate: 40–55%
- Data captured: Email address, optional name, device metadata
- Strengths: Universal — works for every guest, no app dependency, lowest technical barrier
- Weaknesses: High rate of fake/disposable emails (10–15% in some deployments), no phone number for SMS campaigns, requires typing on mobile
When to use: Default choice when you have no market-specific reason to choose otherwise. Good for North American deployments where email remains the primary digital identity.
SMS OTP (One-Time Password)
Guest enters their phone number. The platform sends a 4–6 digit code via SMS. Guest enters the code to authenticate.
- Capture rate: 25–40%
- Data captured: Verified phone number, device metadata
- Strengths: Verified identity (you know the phone number is real and active), enables SMS marketing campaigns, higher data quality than email forms
- Weaknesses: Lower conversion than email (extra step creates friction), SMS delivery costs ($0.01–$0.05 per OTP depending on country), requires Twilio or similar SMS gateway integration
When to use: Venues where phone number data is more valuable than email data. Restaurants (SMS offers drive faster action than email), markets where SMS marketing has high open rates (US: 98% open rate for SMS vs. 20% for email).
Social Login (Facebook, Instagram, LinkedIn, Google)
Guest taps a social media button. The platform requests basic profile access via OAuth. Guest authorizes. Authentication is complete.
- Capture rate: 20–35%
- Data captured: Name, email, profile photo, gender, age range, social profile URL, friends list (where API permits)
- Strengths: Rich demographic data, one-tap authentication (low friction once the OAuth popup loads), enables social retargeting
- Weaknesses: Declining Facebook login rates since 2020 privacy changes (users more cautious about granting access), Apple/iOS users may see additional permission prompts, Gen Z uses social login less than Millennials and Gen X
When to use: Hospitality and entertainment venues where demographic profiling is valuable. Tourist areas where social login provides language/region signals. Venues running Facebook Custom Audience retargeting campaigns.
WhatsApp OTP
Guest enters their phone number. The platform sends a one-time password via WhatsApp message (through the WhatsApp Business API). Guest taps the link or enters the code to authenticate.
- Capture rate: 45–65%
- Data captured: Verified WhatsApp-enabled phone number, device metadata, WhatsApp profile name
- Strengths: Highest conversion rates in markets with high WhatsApp penetration, verified phone number, opens a WhatsApp messaging channel for campaigns, combined identity + messaging in one step
- Weaknesses: Requires WhatsApp Business API setup (platform handles this, but it's an add-on), only effective in WhatsApp-dominant markets, add-on pricing ($99/month)
When to use: Any market where WhatsApp penetration exceeds 50%. This includes most of Latin America (Brazil: 99%, Mexico: 95%), Europe (Spain: 97%, Italy: 95%, Germany: 85%, UK: 80%), Middle East (UAE: 96%, Saudi Arabia: 73%), and Southeast Asia (Indonesia: 88%, Philippines: 82%). For a complete technical and market analysis, see the WhatsApp WiFi Login Guide.
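Both the SMS and the WhatsApp OTP flows above come down to the same server-side step: issue a short-lived 4–6 digit code and check what the guest submits. The sketch below is an added example, not the platform's code; the class name, the 5-minute lifetime and the attempt limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time


class OtpStore:
    """In-memory OTP issuer and verifier (hypothetical name; not a platform API)."""

    def __init__(self, digits=6, ttl_seconds=300, max_attempts=5, clock=time.time):
        if not 4 <= digits <= 6:
            raise ValueError("the guide describes 4-6 digit codes")
        self.digits = digits
        self.ttl_seconds = ttl_seconds    # assumed lifetime
        self.max_attempts = max_attempts  # assumed guess limit
        self.clock = clock                # injectable so expiry can be tested
        self._pending = {}                # phone -> [salt, digest, expires_at, attempts_left]

    @staticmethod
    def _digest(salt, code):
        # Keeps plaintext codes out of the store; with so few digits the
        # attempt limit and expiry are what actually stop guessing.
        return hashlib.sha256(salt + code.encode("utf-8")).digest()

    def issue(self, phone):
        """Create a fresh code for this number, replacing any earlier one."""
        # secrets uses the OS CSPRNG; zero-padding keeps codes like 004217 full length.
        code = f"{secrets.randbelow(10 ** self.digits):0{self.digits}d}"
        salt = secrets.token_bytes(16)
        self._pending[phone] = [salt, self._digest(salt, code),
                                self.clock() + self.ttl_seconds, self.max_attempts]
        return code  # handed to the SMS or WhatsApp gateway only

    def verify(self, phone, submitted):
        """Return 'ok', 'wrong_code', 'locked', 'expired' or 'no_pending_code'."""
        entry = self._pending.get(phone)
        if entry is None:
            return "no_pending_code"
        salt, digest, expires_at, _ = entry
        if self.clock() > expires_at:
            del self._pending[phone]
            return "expired"
        entry[3] -= 1  # count the attempt before comparing
        if hmac.compare_digest(digest, self._digest(salt, str(submitted))):
            del self._pending[phone]  # single use: a replayed code fails
            return "ok"
        if entry[3] <= 0:
            del self._pending[phone]  # guest must request a new code
            return "locked"
        return "wrong_code"
```

A 6-digit code has only one million values, so the per-number attempt limit and short expiry carry the security here; rate-limiting `issue` per phone number also caps per-OTP delivery costs.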
Passcode / Click-Through
Guest enters a shared passcode or simply clicks an "Accept Terms" button. No personal data is captured.
- Capture rate: 95%+ (because there's no data capture)
- Data captured: None (device metadata only)
- Strengths: Zero friction, useful for staff networks, VIP areas, or environments where data capture is inappropriate
- Weaknesses: No marketing value — you're providing WiFi without building a data asset
When to use: Staff/employee WiFi (separate SSID from guest network), VIP areas where data capture would feel intrusive, compliance-constrained environments where data minimization is required.
Custom Forms
A form with fields you define: name, email, phone, company name, age, preferences, survey questions — whatever the use case requires.
- Capture rate: 30–45% (highly dependent on field count)
- Data captured: Whatever fields you include
- Strengths: Maximum flexibility, can combine identity capture with surveys or preference collection
- Weaknesses: Every additional field drops conversion by 5–10%. A 5-field form will convert at roughly half the rate of a 2-field form.
When to use: Conference/event registrations, age-restricted venues (bars, casinos), B2B environments where company name and role are valuable, healthcare waiting rooms where satisfaction surveys are embedded.
The Authentication Decision Matrix
| Factor | Email | SMS OTP | Social | WhatsApp OTP | Passcode |
|---|---|---|---|---|---|
| Conversion rate | High | Medium | Medium | Very High* | Highest |
| Data quality | Medium | High | High | Very High | None |
| Setup complexity | Low | Medium | Medium | Medium | Low |
| Recurring cost | None | Per-SMS | None | $99/mo | None |
| SMS campaign ready | No | Yes | No | Yes | No |
| Works offline | No | No | No | No | Yes |
| GDPR consent capture | Yes | Yes | Yes | Yes | Partial |
*In WhatsApp-dominant markets
What most resellers get wrong: they offer the same authentication method to every client regardless of geography or vertical. A restaurant in São Paulo needs WhatsApp OTP. A coworking space in Portland needs email + LinkedIn social login. A hotel chain in Dubai needs multilingual WhatsApp OTP + email fallback. The authentication method is a consultative recommendation, not a default setting.
Portal Design: The UX That Determines Conversion
Authentication method is the biggest conversion lever. Portal design is the second biggest.
The 3-Second Rule
When a guest's browser redirects to your captive portal, you have approximately 3 seconds before they decide to engage or close the page. In those 3 seconds, the portal must communicate three things:
- Where they are — Venue branding (logo, name, colors) confirms they're in the right place
- What they get — The value exchange: free WiFi, a discount, exclusive content
- What to do — A single, obvious call to action: one login button or one form field
Portals that try to communicate more than these three things in the initial viewport lose conversions. Save the promotional content for the post-login redirect.
Design Patterns That Convert
Pattern 1: Single CTA
One authentication method, one button, one outcome. Best for venues where you've identified the optimal auth method and don't want to dilute focus.
Layout: Logo → Headline ("Connect to Free WiFi") → Single button or short form → Legal consent checkbox → Connect button
Pattern 2: Stacked Options
Two or three authentication methods displayed vertically. The preferred method is visually emphasized (larger button, contrasting color). Best when you want to maximize capture across different guest preferences.
Layout: Logo → Headline → Primary auth button (WhatsApp OTP or email) → Secondary options (social login) → Legal consent → Connect
Pattern 3: Value-First
The offer leads, not the WiFi. Best for venues where the discount or incentive is the primary motivator.
Layout: Logo → Offer headline ("10% Off Your Next Visit") → Offer details → Auth form/button → Legal consent → "Get My Discount" button
Pattern 4: Split-Screen
Left side: branding, imagery, or promotional content. Right side: authentication form. Best for tablet-optimized portals in environments where guests use larger screens (hotel lobbies, coworking spaces).
The Elements That Move the Needle
Background images: A relevant background image (venue interior, food photography for restaurants, cityscape for hotels) increases engagement compared to solid color backgrounds. But compress aggressively — portal load time matters more than image quality.
Progress indicators: If your auth flow has multiple steps (phone number → OTP code → success), a progress bar reduces abandonment on the second step by 15–20%.
Social proof: "Join 12,000+ guests who've connected this month" adds credibility and reduces hesitation. Dynamic counters that show real numbers (pulled from the platform API) outperform static text.
Language detection: For venues in tourist areas or multilingual markets, auto-detecting the guest's device language and rendering the portal in that language increases conversion. The MyWiFi platform supports 50+ portal languages.
Post-login redirect: Where the guest lands after authentication is prime real estate. Options include: the venue's website, a special offer page, Google/TripAdvisor review prompt, app download page, or a WhatsApp chatbot. The redirect should be intentional, not an afterthought.
Conversion Optimization: The Framework
Most guides tell you to A/B test your button color. That's noise. Real conversion optimization for captive portals follows a structured framework.
The FILM Framework for Portal Conversion
F — Friction Audit
Map every step between WiFi connection and internet access. Count the taps, fields, and page loads. Every interaction is a potential drop-off point.
A typical email login portal: tap network → portal loads (1) → type email (2) → check consent box (3) → tap submit (4) → redirect loads (5). That's 5 friction points.
A WhatsApp OTP portal: tap network → portal loads (1) → type phone number (2) → check consent box (3) → tap submit (4) → switch to WhatsApp (5) → tap OTP link (6) → redirect loads (7). More steps, but steps 5–6 are near-automatic (WhatsApp opens, guest taps link). Net perceived friction is lower because typing is minimal.
I — Incentive Design
The value exchange must be asymmetric — the guest must feel they're getting more than they're giving. "Free WiFi" alone works in airports and hotels (where WiFi is expected). In restaurants and retail, layer an incentive: a discount, a free item, entry into a drawing, exclusive content.
The incentive doesn't have to cost the venue anything real. A 10% discount on the next visit costs nothing if the guest doesn't return — and if they do return, that's the entire point of the system.
L — Load Performance
Portal load time on a mobile device over the venue's WiFi connection. Target: under 2 seconds. Measure: use the platform's portal preview on a real phone connected to the venue's guest network.
Three common load time killers:
- Uncompressed background images (a 2MB hero image on a captive portal is malpractice)
- Third-party script loading (analytics tags, chat widgets, social SDKs)
- Custom fonts that aren't cached (use system fonts or a single web font)
Cloud CDN delivery (like Amazon CloudFront) solves most load time issues. If your platform hosts portals on a CDN, load time should be under 1 second in most markets.
M — Measurement
You can't optimize what you don't measure. Track these metrics per portal:
- Impression-to-authentication rate — Percentage of guests who see the portal and complete login
- Abandonment by step — Where in the auth flow guests drop off
- Time to authenticate — How long from portal load to completed login
- Return guest auto-connect rate — Percentage of returning guests who reconnect without re-authenticating
- Authentication method split — If offering multiple methods, which one guests choose
A/B Testing Protocol
A/B testing captive portals is different from testing web pages because you have a captive audience (literally — they can't use the internet until they complete the test). This means:
- Test one variable at a time. Authentication method, headline copy, form field count, or CTA button text. Not all at once.
- Traffic-split by time, not by device. Run version A for 7 days, then version B for 7 days. Device-level splitting introduces inconsistency when the same guest sees different portals on different visits.
- Minimum sample: 500 impressions per variant. Below this threshold, the data is too noisy to draw conclusions.
- The metric that matters is capture rate, not portal views. A portal that gets more views but fewer completions is losing.
Hardware Configuration: Getting the Redirect Right
The captive portal can be perfect, but if the redirect doesn't fire reliably, none of it matters.
How the Redirect Works (By Vendor)
Cisco Meraki
Meraki's cloud dashboard has a built-in splash page configuration. You set the splash page to "Custom URL" and point it to the platform's portal URL. The Meraki AP handles the redirect via HTTP 302. Optionally, enable CMX Scanning API for presence analytics (probe request data from devices that don't connect).
Configuration: Wireless > Access Control > Splash page > Custom splash URL
Ubiquiti UniFi
UniFi requires the Hotspot Manager feature enabled on the network controller. The captive portal redirect is configured via the controller's guest portal settings, pointing to the platform's external portal URL. Works with both self-hosted and cloud controllers.
Configuration: Settings > Guest Control > Enable Guest Portal > External portal server
Aruba Networks (HPE)
Aruba Central provides captive portal redirect via the guest access configuration. The external captive portal URL is set in the WLAN profile. Aruba's ClearPass can also be integrated for more complex authentication flows.
Datto (Kaseya)
Datto Network Manager (formerly Open Mesh) supports external captive portals via the cloud dashboard. The configuration is straightforward — set the splash page URL in the SSID settings.
RADIUS-Based (All Vendors)
For hardware that doesn't have native cloud portal redirect, RADIUS authentication provides a universal fallback. The platform acts as an external RADIUS server. The AP sends access requests to the platform's RADIUS endpoint, and the platform returns accept/reject decisions along with attributes like session timeout and bandwidth limits.
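The RADIUS exchange described above, as an added example (not code from any vendor or platform): it parses an Access-Request, answers with an Access-Accept carrying a Session-Timeout or with an Access-Reject, and signs the reply with the Response Authenticator defined in RFC 2865. Identifying the guest by Calling-Station-Id, the function names, the shared secret and the sample packet are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3      # RFC 2865 packet codes
USER_NAME, SESSION_TIMEOUT, CALLING_STATION_ID = 1, 27, 31  # RFC 2865 attribute types


def encode_attr(attr_type, value):
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return bytes([attr_type, len(value) + 2]) + value


def parse_packet(data):
    """Return (code, identifier, authenticator, [(type, value), ...])."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > len(data):
        raise ValueError("length field does not match the datagram")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = data[pos], data[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("attribute overruns the packet")
        attrs.append((attr_type, data[pos + 2:pos + attr_len]))
        pos += attr_len
    return code, ident, data[4:20], attrs


def build_response(code, ident, request_auth, attrs, secret):
    body = b"".join(encode_attr(t, v) for t, v in attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    response_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + response_auth + body


def response_is_authentic(response, request_auth, secret):
    """The check the AP performs before trusting the reply."""
    expected = hashlib.md5(response[:4] + request_auth + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])


def decide(request, secret, authorised_macs, session_seconds=3600):
    """Accept devices the portal has already authenticated (assumed lookup by MAC)."""
    code, ident, request_auth, attrs = parse_packet(request)
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    mac = next((v.decode("ascii", "replace").upper()
                for t, v in attrs if t == CALLING_STATION_ID), None)
    if mac in authorised_macs:
        timeout = [(SESSION_TIMEOUT, struct.pack("!I", session_seconds))]
        return build_response(ACCESS_ACCEPT, ident, request_auth, timeout, secret)
    return build_response(ACCESS_REJECT, ident, request_auth, [], secret)


# Constructed sample: what an AP might send for a guest device.
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))
_body = encode_attr(USER_NAME, b"guest") + encode_attr(CALLING_STATION_ID, b"AA-BB-CC-DD-EE-FF")
SAMPLE_REQUEST = struct.pack("!BBH", ACCESS_REQUEST, 7, 20 + len(_body)) + REQUEST_AUTH + _body
```

The Response Authenticator is only as strong as the shared secret, so use a long random secret per AP or controller and restrict the RADIUS endpoint to known source addresses.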
Common Configuration Issues
HTTPS redirect failure. Modern browsers enforce HTTPS everywhere. If the guest's first request is HTTPS (which it almost always is in 2026), the redirect must handle this gracefully. Cloud-hosted portals with auto-provisioned SSL certificates solve this. Self-hosted portals without proper certificates will show browser security warnings.
Apple CNA (Captive Network Assistant). Apple devices detect captive portals and open a mini-browser (CNA) instead of the full Safari browser. The CNA has limited JavaScript support, smaller viewport, and no persistent cookies. Your portal must work in this constrained environment. Test on a real iPhone — don't rely on desktop browser testing.
Android captive portal detection. Android devices use a connectivity check (hitting connectivitycheck.gstatic.com) to detect captive portals. Some aggressive firewall configurations block this check, preventing the portal popup from appearing. Whitelist Google's connectivity check domains in the AP's walled garden.
Double redirect. If the AP redirects to the portal, and the portal redirects to an intermediate page, and that page redirects to the auth flow — that's three redirects. The guest sees a loading spinner for 5+ seconds. Minimize redirect chains.
Compliance on the Captive Portal
The captive portal is your first and often only opportunity to collect legally valid consent. Get it wrong, and every record in your database is potentially tainted.
GDPR Consent Requirements
For deployments in the EU/EEA (or serving EU residents anywhere):
- Consent checkbox must not be pre-checked. The guest must actively opt in.
- Purpose must be specific. "We may use your data for marketing" is insufficient. Specify: "We will send you email offers about [venue name] products and services."
- Separate consent for separate purposes. If you're collecting data for both WiFi access and marketing, you need two separate consent mechanisms. WiFi access consent is legitimate interest. Marketing consent is opt-in.
- Right to withdraw. The portal or post-login page must include a link to withdraw consent and request data deletion.
- Privacy notice link. A visible link to the full privacy policy must be on the portal page.
- Age verification. If you're collecting data from minors (under 16 in most EU countries), parental consent is required. Some platforms include age-gate checkboxes.
CCPA / US State Privacy Laws
- "Do Not Sell" link. California law requires a "Do Not Sell My Personal Information" link if the business shares data with third parties.
- Collection notice. At or before the point of collection, inform the consumer of the categories of data collected and the purposes.
- Opt-out mechanism. Provide a clear method for opting out of data sale or sharing.
CAN-SPAM / TCPA
- Email campaigns require an unsubscribe mechanism and sender identification
- SMS campaigns require prior express written consent (the SMS OTP consent checkbox covers this if worded correctly)
- The captive portal consent checkbox can serve as the written consent record if it specifically mentions SMS marketing
Consent Architecture on the Portal
Best practice is a layered consent model:
Layer 1 (on the portal): A consent checkbox with brief text: "I agree to receive marketing communications from [venue name]. [Privacy Policy link]"
Layer 2 (linked page): Full privacy notice detailing data collected, processing purposes, retention period, third-party sharing, and rights (access, erasure, portability, objection).
Layer 3 (platform): Technical implementation — consent timestamp, consent text version, guest IP, device identifier — stored as an auditable consent record.
Practical takeaway: your platform should generate and store consent records automatically. If you're manually managing consent documentation, you're exposing yourself and your clients to compliance risk. Build consent into the portal design, not into a separate process.
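One way to make the Layer 3 record auditable, shown as an added example (not the platform's implementation): each record stores the timestamp, a hash identifying the exact consent text shown, the guest IP and the device identifier, and is chained to the previous record with an HMAC so edits or deletions are detectable. The class, field names, key and sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_mac value for the first record in a log


def text_version(consent_text):
    """Identify the exact wording the guest saw by hashing it."""
    return hashlib.sha256(consent_text.encode("utf-8")).hexdigest()[:16]


class ConsentLog:
    """Append-only consent log with an HMAC chain (hypothetical name)."""

    def __init__(self, key):
        self._key = key    # server-side secret, stored outside the database
        self.records = []

    def _mac(self, body, prev_mac):
        # Canonical JSON so the same record always produces the same MAC.
        payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
        return hmac.new(self._key, (prev_mac + payload).encode("utf-8"),
                        hashlib.sha256).hexdigest()

    def append(self, purpose, granted, consent_text, guest_ip, device_id, when=None):
        if not isinstance(granted, bool):
            raise TypeError("granted must be the checkbox state as a bool")
        when = when or datetime.now(timezone.utc)
        body = {
            "timestamp": when.isoformat(),
            "purpose": purpose,  # one record per purpose, as GDPR requires
            "granted": granted,
            "text_version": text_version(consent_text),
            "guest_ip": guest_ip,
            "device_id": device_id,
        }
        prev = self.records[-1]["mac"] if self.records else GENESIS
        record = dict(body, prev_mac=prev, mac=self._mac(body, prev))
        self.records.append(record)
        return record

    def first_invalid(self):
        """Index of the first altered or out-of-order record, or None if intact."""
        prev = GENESIS
        for index, record in enumerate(self.records):
            body = {k: v for k, v in record.items() if k not in ("prev_mac", "mac")}
            expected = self._mac(body, prev)
            if record["prev_mac"] != prev or not hmac.compare_digest(record["mac"], expected):
                return index
            prev = record["mac"]
        return None


def demo():
    """Constructed sample: an opt-in followed by a withdrawal."""
    log = ConsentLog(key=b"constructed-demo-key")
    text = "I agree to receive marketing communications from [venue name]."
    log.append("marketing_email", True, text, "203.0.113.7", "AA-BB-CC-DD-EE-FF")
    # A withdrawal is a new record; the original opt-in is never edited.
    log.append("marketing_email", False, text, "203.0.113.7", "AA-BB-CC-DD-EE-FF")
    return log
```

Because the guest IP and device identifier are personal data themselves, the log needs the same retention period and erasure handling as the guest profile it supports.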
Advanced Portal Features
Beyond basic authentication, modern captive portals support several features that increase both data quality and marketing capability.
Welcome Back (Auto-Reconnect)
Returning guests whose devices have been seen before can be auto-reconnected without re-authenticating. The platform recognizes the device's MAC address from a previous session and grants access immediately.
From the guest's perspective: they walk into the venue, their phone connects to WiFi, and they get internet access without interacting with a portal. From the reseller's perspective: a reconnection event is logged, updating the guest's visit count, frequency, and last-seen timestamp.
When to enable: Most deployments. The first visit captures the data; subsequent visits build the behavioral profile.
When to disable: Venues where re-authentication is required for compliance (some healthcare, government, or financial services environments).
Paid WiFi Access
Some venues charge for WiFi access, either as a standalone revenue stream or as a hybrid model (basic WiFi free, premium bandwidth paid).
The captive portal can integrate with payment gateways (Stripe, Authorize.Net) to handle transactions. Guests choose between a free tier (bandwidth-limited, time-limited) and a paid tier (full speed, extended session). This model is common in airports, hotels without complimentary WiFi, and event venues.
Ad Server Integration
The captive portal can display advertising before or after authentication. Pre-login ads are particularly valuable because the guest is a captive audience — they must view the ad to proceed. Post-login ads appear on the redirect page.
Ad formats: banner (image), video (pre-roll before WiFi access), and custom HTML. Impression and click tracking is built into the platform's ad server. Resellers can sell this inventory to local advertisers or use it for the venue's own promotions.
Survey and Feedback Collection
Embedding a short survey (1–3 questions) into the captive portal or post-login redirect provides qualitative data alongside the quantitative data from authentication. Net Promoter Score (NPS) surveys work well in hospitality. Product preference surveys work in retail.
Keep surveys short. A single question ("How would you rate your experience? 1–5 stars") has a completion rate 3x higher than a 5-question survey.
Multi-Language Support
For venues serving international guests — hotels, airports, tourist attractions, shopping districts — multilingual portals significantly improve conversion. The platform should detect the guest's device language and render the portal accordingly, with a manual language selector as a fallback.
The MyWiFi platform supports 50+ portal languages, covering every major market.
Vertical-Specific Portal Strategies
Different verticals require different portal approaches. A hotel lobby portal and a sports bar portal solve different problems for different audiences. Here's what works in each.
Restaurants and Cafes
- Primary auth: Email (US/Canada) or WhatsApp OTP (LATAM, Europe, ME, SEA)
- Secondary auth: None. Keep it simple. One path, one CTA.
- Value exchange: "Connect for free WiFi + [X]% off your next visit"
- Post-login redirect: Menu page, upcoming events, or Google review prompt
- Key insight: Restaurant guests are impatient. They want WiFi now. Average time-to-authenticate must be under 20 seconds or you're losing captures. Single-field forms (email only, or phone number only) outperform multi-field forms by 30-40% in food and beverage environments.
A 6-location burger chain in the northeast US tested portal variations across locations. The winning version: dark background matching the restaurant's interior aesthetic, logo at top, "Free WiFi + 15% Off Your Next Burger" headline, single email field, large "Connect" button. Capture rate: 47%. The losing version had 3 fields (name, email, birthday). Capture rate: 28%. Same locations, same foot traffic, same time period.
Hotels and Hospitality
- Primary auth: Email or room-number + last-name verification (PMS integration)
- Secondary auth: Social login (captures profile data for CRM enrichment)
- Value exchange: "Connect to complimentary WiFi" (hotels don't need to incentivize — WiFi is expected)
- Post-login redirect: Concierge page, hotel amenities, or loyalty program enrollment
- Key insight: Hotels have near-universal WiFi adoption (90%+ of guests connect). The opportunity isn't increasing capture rate — it's maximizing data richness per capture. Multi-field forms are acceptable in hospitality because guests are willing to provide more information for a multi-day stay. Ask for name, email, and check-out date. Use check-out date to trigger post-stay campaigns.
The post-stay review prompt is the highest-value automation in hotel WiFi marketing. An automated email sent the morning after checkout — "How was your stay? Leave a review on TripAdvisor" — with a direct link to the property's listing page. One hotel group reported increasing their TripAdvisor review volume from 8/month to 35/month per property using this single automation.
Retail Stores
- Primary auth: Email with first name (for personalization)
- Secondary auth: Social login (demographic data for segmentation)
- Value exchange: "Join our VIP list for exclusive offers + free WiFi"
- Post-login redirect: Current promotions page or e-commerce site
- Key insight: Retail WiFi demand is lower than hospitality (many shoppers use mobile data). The value exchange must be strong enough to justify the effort. Position the portal as VIP club enrollment, not WiFi access. "Welcome to the [Store Name] VIP Club — connect for early access to sales, exclusive offers, and free WiFi."
Events and Conferences
- Primary auth: Custom form (name, email, company, role)
- Secondary auth: LinkedIn social login (ideal for B2B events)
- Value exchange: "Connect for event WiFi + access the session schedule"
- Post-login redirect: Event app download or live session schedule
- Key insight: Events are the one scenario where multi-field forms don't kill conversion. Attendees expect to provide professional details, and the perceived value of event WiFi (necessary for work) is high. Capture company name and job title — this data is valuable for event organizers, sponsors, and exhibitors.
Event WiFi marketing is a separate revenue category for resellers. A 3-day conference with 2,000 attendees can generate $3,000–$10,000 in one-time revenue from the event organizer, plus ongoing value from the attendee database. Sponsors may pay separately for branded portal placements.
Medical and Healthcare
- Primary auth: Email or SMS OTP (avoid social login — inappropriate for medical settings)
- Value exchange: "Free WiFi while you wait" (no promotional messaging)
- Post-login redirect: Patient satisfaction survey (1-2 questions) or health tips page
- Key insight: Healthcare portals must be conservative in tone and scope. No marketing incentives ("10% off your next root canal" is obviously inappropriate). The value is in the patient satisfaction data collected via post-login survey and in appointment reminder integration. HIPAA does not apply to WiFi login data (you're collecting an email address, not health information), but communicate this clearly in your compliance documentation to address client concerns.
Multi-Portal Strategies for Complex Venues
Large venues often need multiple captive portals serving different audiences simultaneously.
The Multi-SSID Approach
Configure the access point to broadcast multiple SSIDs, each with a different captive portal:
- "Hotel Name WiFi" — Guest portal with email capture, loyalty enrollment, post-stay review automation
- "Hotel Name Conference" — Event portal with company/role fields, sponsor branding, session schedule redirect
- "Hotel Name Staff" — Staff portal with passcode authentication (no data capture), higher bandwidth allocation
Each SSID redirects to a different portal URL. The WiFi marketing platform manages all three portals from a single dashboard. Analytics are separated by SSID, giving the venue operator distinct views of guest, conference, and staff traffic.
The Location-Aware Approach
For multi-floor or multi-zone venues (shopping malls, airports, large campuses), different APs serve different zones. Each zone can have a tailored portal:
- Floor 1 (retail): Retail-themed portal with shopping offers
- Floor 2 (food court): Food-themed portal with restaurant discounts
- Floor 3 (entertainment): Event-themed portal with show schedules
The platform routes guests to the appropriate portal based on which AP they connect to. This requires AP-level portal mapping, which is configured in the platform's location management interface.
Portal Performance Benchmarks
How do you know if your portal is performing well? Benchmarks vary by vertical, geography, and authentication method, but these ranges provide a baseline:
| Metric | Poor | Average | Good | Excellent |
|---|---|---|---|---|
| Capture rate (email) | <25% | 25–35% | 35–45% | >45% |
| Capture rate (SMS OTP) | <15% | 15–25% | 25–35% | >35% |
| Capture rate (WhatsApp OTP) | <30% | 30–45% | 45–55% | >55% |
| Portal load time | >5s | 3–5s | 1–3s | <1s |
| Fake email rate | >20% | 10–20% | 5–10% | <5% |
| Return guest auto-connect | <30% | 30–50% | 50–70% | >70% |
| Time to authenticate | >60s | 30–60s | 15–30s | <15s |
These ranges are aggregated across thousands of deployments. Your mileage will vary based on venue type, portal design, and guest demographics.
What most resellers get wrong about benchmarks: they compare their restaurant client's capture rate against their hotel client's capture rate. Hotels have near-100% WiFi demand (guests expect it). Restaurants have 30–50% WiFi demand (many guests use mobile data). Compare within vertical, not across verticals.
The Portal Audit Checklist
Before launching any captive portal deployment, run through this checklist:
Authentication:
- Selected auth method(s) appropriate for market and vertical
- Tested auth flow on iOS (Safari + CNA), Android (Chrome), and at least one desktop browser
- Return guest auto-connect configured and tested
- Session timeout and bandwidth limits set appropriately
Design:
- Venue logo and branding applied
- Portal loads in under 3 seconds on a phone over the venue's WiFi
- Single clear CTA above the fold
- Background image compressed (<200KB)
- Tested on mobile viewport (375px width minimum)
Compliance:
- Consent checkbox present and not pre-checked
- Privacy policy linked from the portal
- Consent text specifies data use purpose
- GDPR-compliant if serving EU guests
- CAN-SPAM/TCPA compliant consent language for email/SMS
Post-Login:
- Redirect URL configured (not default blank page)
- Redirect destination is mobile-friendly
- Automation trigger fires on successful authentication
Monitoring:
- Portal analytics dashboard accessible
- Alerts configured for portal downtime or zero-capture periods
- Weekly capture rate review scheduled
Further Reading
- WiFi Marketing: The Definitive Guide for Resellers — The comprehensive overview connecting all topics
- WhatsApp WiFi Login: The Definitive Guide — Deep dive into WhatsApp OTP authentication
- Captive Portal Authentication Methods — Technical comparison of auth methods
- Captive Portal Design Patterns — Visual design patterns and templates
- Captive Portal Best Practices — UX optimization guide
- How to Set Up a Captive Portal — Step-by-step setup tutorial
- WiFi Splash Page Examples — Real-world portal design examples
- WiFi Email Capture vs. Social Login — Detailed method comparison
- Guest WiFi Analytics Guide — What happens with the data after capture
- White-Label WiFi Guide — Platform evaluation for portal branding
- GDPR WiFi Data Compliance — Complete GDPR compliance guide
- Cisco Meraki Captive Portal Setup — Vendor-specific configuration
- Ubiquiti UniFi Guest WiFi Marketing — UniFi portal configuration
- Aruba Networks Captive Portal — Aruba setup guide
- TP-Link Omada Captive Portal — Omada portal setup
- WiFi Hardware Guide for Resellers — Complete hardware comparison