Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass 802.1X MFA

This thread has been viewed 20 times

  • 1.  Clearpass 802.1X MFA

    Posted Oct 30, 2017 06:43 AM

    Hi All

     

    Can anyone point me at some documentation on how to intergrate an MFA provider (Duo) with Clearpass when doing 802.1X.

     

    Thanks

     

    Dave



  • 2.  RE: Clearpass 802.1X MFA

    EMPLOYEE
    Posted Oct 30, 2017 08:03 AM
    We don't have it documented (it's on the list). What specifically so you need help with?


  • 3.  RE: Clearpass 802.1X MFA

    Posted Oct 30, 2017 12:48 PM

    Hi Tim

     

    Just interested to know what the work flow is to get me started. Is it best to do a dot1X authentication and pass back a captive portal role, then do a web auth via Guest for the second factor (or is there a cleaver way to do this with a web form that auto submits to get the push notification). Or do you need to use the Duo RADIUS proxy and set Clearpass as the primary authentication source ?

     

    Thanks

     

    Dave



  • 4.  RE: Clearpass 802.1X MFA
    Best Answer

    EMPLOYEE
    Posted Oct 30, 2017 12:55 PM
    Traditional RADIUS-based MFA is not recommended with 802.1X. We recommend the "sandwich" flow which will occasionally redirect the user to an informational captive portal which will trigger the push notification. It is not recommended to challenge an MFA for every single authentication.