New Contributor

ClearPass Operator Restrictions

Hi All,


I am trying to setup some ClearPass Operator Restrictions. Does anyone know if it's possible to setup an Operator role to only be able to create guest accounts with a limited expiry date?


Essentially we are looking to stop Operators from giving guests unlimited access for a 'do not expire' account.


Thanks in Advance




Re: ClearPass Operator Restrictions

In order to do this, you need to create a new guest account creation form for these Operators.   You can edit the form to include the limited expiration options you want (expire_after field).  You can then change New Guest Account form that the Operators use under the Custom Forms and Views section of the Operator Profile.

Systems Engineer, Northeast USA

Regular Contributor I

Re: ClearPass Operator Restrictions

I have something like this working.  I have two guest forms called longterm and shortterm.  Any of the company employees can create a shortterm guest ID valid upto a month by logging in with their AD account.  They have no other rights.  Then admin users who are a member of a special AD group can log in and only hit the longterm page for accounts valid up to a year.  Both options have a range of options for how long to make the account.  Shortterm accounts are valid 1,2,3,5 days, 1,2 weeks or 1 month.  Longterm is 2,3,6 months or a year.  My only issue is the admin users can not create short term accounts unless they log in with a non AD account.  In my case they use a lotus notes account and that allows them to creat the short term accounts if needed.  On the operator login page I just have the instructions explaining the difference.


Search Airheads
Showing results for 
Search instead for 
Did you mean: