Security

Reply
New Contributor
Posts: 1
Registered: ‎08-12-2015

ClearPass Operator Restrictions

Hi All,

 

I am trying to setup some ClearPass Operator Restrictions. Does anyone know if it's possible to setup an Operator role to only be able to create guest accounts with a limited expiry date?

 

Essentially we are looking to stop Operators from giving guests unlimited access for a 'do not expire' account.

 

Thanks in Advance

 

Matt

Aruba
Posts: 1,635
Registered: ‎04-13-2009

Re: ClearPass Operator Restrictions

In order to do this, you need to create a new guest account creation form for these Operators.   You can edit the form to include the limited expiration options you want (expire_after field).  You can then change New Guest Account form that the Operators use under the Custom Forms and Views section of the Operator Profile.

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Regular Contributor I
Posts: 154
Registered: ‎10-20-2010

Re: ClearPass Operator Restrictions

I have something like this working.  I have two guest forms called longterm and shortterm.  Any of the company employees can create a shortterm guest ID valid upto a month by logging in with their AD account.  They have no other rights.  Then admin users who are a member of a special AD group can log in and only hit the longterm page for accounts valid up to a year.  Both options have a range of options for how long to make the account.  Shortterm accounts are valid 1,2,3,5 days, 1,2 weeks or 1 month.  Longterm is 2,3,6 months or a year.  My only issue is the admin users can not create short term accounts unless they log in with a non AD account.  In my case they use a lotus notes account and that allows them to creat the short term accounts if needed.  On the operator login page I just have the instructions explaining the difference.

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: