Security

Reply
Contributor I

Clearpass 802.1X MFA

Hi All

 

Can anyone point me at some documentation on how to intergrate an MFA provider (Duo) with Clearpass when doing 802.1X.

 

Thanks

 

Dave

Guru Elite

Re: Clearpass 802.1X MFA

We don't have it documented (it's on the list). What specifically so you need help with?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: Clearpass 802.1X MFA

Hi Tim

 

Just interested to know what the work flow is to get me started. Is it best to do a dot1X authentication and pass back a captive portal role, then do a web auth via Guest for the second factor (or is there a cleaver way to do this with a web form that auto submits to get the push notification). Or do you need to use the Duo RADIUS proxy and set Clearpass as the primary authentication source ?

 

Thanks

 

Dave

Guru Elite

Re: Clearpass 802.1X MFA

Traditional RADIUS-based MFA is not recommended with 802.1X. We recommend the "sandwich" flow which will occasionally redirect the user to an informational captive portal which will trigger the push notification. It is not recommended to challenge an MFA for every single authentication.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: