Security

Reply
Occasional Contributor I

Clearpass Onboard with MFA SMS, Phone from AD

Hi Team

 

The authentication source of onboard is the active directory. the mobile number is stored in the active directory as well, I can see it in the clearpass access tracker. after that I will use MFA with SMS. 

 

How can I use the phone number from the active directory for the MFA SMS process?

 

Thanks for your help, regards

Manuel

Re: Clearpass Onboard with MFA SMS, Phone from AD

Good question! I can't easily see how to do this but would also like to know if possible.

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216 | AMFX #11
---------------------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Occasional Contributor I

Re: Clearpass Onboard with MFA SMS, Phone from AD

In the meantime I found the following hint:

"For LDAP/AD the Pre-Authentication service must be updated to include the numbers in the reply."

 

Sound like we have to include the phone number in the radius reply attributes. But which one?

 

rg Manuel

Occasional Contributor I

Re: Clearpass Onboard with MFA SMS, Phone from AD

Hi all

 

In the meantime I got the glue. We need a Enforcement Policy like (find atteched):

ClearPass:visitor_phone=%{Authorization:SOFTEC AD:mobile}

This only works with App-Auth (not radius based). Then we can use the attribute "visitor_phone" in the onboard or guest workflow.

 

Regards

Manuel

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: