AAA, NAC, Guest Access & BYOD

How to update Guest Operator email address when authenticating using active directory

Aruba Employee

Introduction :

 

By default CPPM will not post all the attributes fetched from Active Directory to Guest module when operator login using AD credentials.
We can configure the enforcement profile to pass on the required attribute values (like email) to Guest module on successful operator login along with the admin privilege.

 

Environment :

 

Clearpass Guest Operator login authentication configured against active directory.

 

 

Configuration Steps :

 

We can configure the enforcement profile to fetch email attribute from AD and pass it on to Guest, which can be used to auto populate sponsor_email field when creating new guest accounts.

-Update the Enforcement profile with below attribute to post email address along with admin privilege to Guest module on operator login.
rtaImage.jpg

-Edit the create_user form sponsor_email filed and add the below expression as initial value.
array (  'generator' => 'GeneratorFromSession',  'generator_args' =>   array (    0 => 'userauth_user',    1 => 'User-Email-Address',  ),)


rtaImage.jpg

 

Verification :

 

From Access tracker ->request output, we can confirm the application response sent to Guest module.

rtaImage.jpg

When Guest operator login to Guest using AD credentials and try creating guest accounts, CPPM should be able to auto populate sponsor email.

rtaImage.jpg

Version history
Revision #:
1 of 1
Last update:
‎11-10-2014 03:56 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.