Security

Can sponsorship be used, within the provisioning phase of OnBoard, instead of initial Clearpass authentication of the user wanting to use OnBoard?

This would clearly need to be combined with some way of identifying the user making the request to the sponsor.  This would probably be used as their identity throughout the OnBoarding process.

?

Well, that would be authentication, wouldn't it? :)

Well - yes and no.  :)

Most importantly, from a user's perspective, what I think of as a true authentication is where there's no human element in the auth bit - ClearPass consults a database of credentials, of some kind, in real time.   With sponsorship, you need a real human to see the email requesting access and them to reply in the affirmative.  The requestor ('OnBoarder') has to wait for that to happen.

It wasn't clear, from the Guest User Guide, whether you could skip the true authentication bit and just let the user OnBoard with only the sponsor's acceptance?   And, related to this, whether true auth is needed or not, what happens to the provisioning session if, for example, it takes some hours for the sponsor to ok to OnBoarding request?

One final thread on this:   the sponsors, in this case, will have an external email address, from a group of partner businesses, rather than being personnel working for the organisation owning the WiFi / Clearpass setup itself.  Is there any way we could query the 'OnBoarder' for their email address, require them to select their company from a drop-down list of partners and check that the Domains for the two match, before submitting the email to the sponsor?