Requirement:As a network admin, i wish to revoke a Onboarded device certificate, if the device is inactive for more than "X" number of days.
Solution:From ClearPass 6.5.x, we have an option under device Onboard provisioning settings. If checked the certificates for devices will be revoked after a period, where the device is not seen on the network.
Configuration:In order to configure this setting please navigate to CPPM > Guest > Onboard > Deployment and Provisioning > Provisioning Settings > Select the provisioning profile > click edit > General tab > navigate to "Action" section
We also have option to add Inactivity Period interval . This will make sure that if a device does not authenticate on the network after this specified period, its certificate will be revoked.
VerificationWe verified that after configuring the auto revoke option, the Onboard device certificates were revoked, post the configured time interval automatically.