Security

Reply

Ideas for School Clearpass

We have got a school which has

1000 students(this devices are not owned by school)

200 Administrative(device owned by school, or personal deivces of the teachers)

 

The students are not in the active directory

They do have an email with google  and thats it.

 

What would be the best way to implement this

 

For the administrative  i could use onboard for personal devices of teachers(as they are on active directory there wont be any issue with that..

 

 

For the student is my question

how could i be able to log in the network using the google as an authorization  source(it is possible?)

 

On another schoool they are using Clearpass Guest with Office 365 with clearpass guest with azure

But im not sure we can do that here becuase is not office 365 and we cannot use the social media login  to restrict the domain to just the student domain(as we do not have the Azure option here) or there is any way???

 

Maybe we coudl do it with onboard but we would need an authorization source  and we would need to use the google  email somehow in that

 

Any ideas? of how you guys has done it ?

 

Cheers

Carlos

 

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite

Re: Ideas for School Clearpass

Onboard with G Suite via SAML or OAuth2 just like Azure / Office 365.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: Ideas for School Clearpass

What are the requirementes for that?

I dont know about the gmail platform....

 

I just know that they use Gmail instead of office 365...

 

What do i need to ask the client to see if they can use that

 

As an additoonal question

It is possible to do what i do with office 365 with azure which im able to restrict the social media registration to one domain??? i mean using Gmail

 

Cheers

Carlos

 

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite

Re: Ideas for School Clearpass

It's nearly identical. In the API configuration in G Suite, you should be able to restrict it to the tenant. Otherwise you can write a rule in your RADIUS service.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: Ideas for School Clearpass

Okay thats if i do it with the clearpass guest and social media login

 

If i do it with onboard. what requirement from Gmail do they need to use the onboard?

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite

Re: Ideas for School Clearpass

It's the same config in ClearPass no matter where you use it.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: Ideas for School Clearpass

I mean in gmail not in clearpass

I just want to be sure they dont need to buy something or that im missing something that they might not have(the clearpass is the least of my worries) :)

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp

Re: Ideas for School Clearpass

Here's a different twist on the previous post.  We have a K-12 that would like to use GSuite to onboard their shared Chromebooks using it's certificate (machine auth) instead of having students login with their ID's.  Can GSuite do that?  They have Clearpass, as an alternative can GSuite be made to reference a static host list there?

Guru Elite

Re: Ideas for School Clearpass

Yes, same configuraton in the Google API Console.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: