This article helps to restrict maximum number of devices that a user can OnBoard without using default "Maximum Devices" option in Provisioning Settings.
Environment : Applies to all the ClearPass 6.x version.
Configuration Steps :
The below enforcement profile allows to limit the number of device that can be Provisioned.
For Radius based(Aruba): go to Configuration >> Enforcement >> Profiles >> Add >> Template >> Aruba RADIUS Enforcement and configure the below attribute to limit the devices.
For Application Based(Generic) : go to Configuration >> Enforcement >> Profiles >> Add >> Template >> Generic Application Enforcement and configure the below attribute to limit the devices.
Refer the below screen capture to create an Enforcement Policy and map it to OnBoard Authorization service to limit the number of devices.
Note: The OnBoard Authorization Service can be Application or Radius based. Create the Enforcement profile as per your service type. From CP 6.3.x the OnBoard Authorization service type will be AppAuth based if you use the Service template.