Security

last person joined: 9 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Ideas for School Clearpass

This thread has been viewed 3 times

  • 1.  Ideas for School Clearpass

    Posted May 08, 2017 12:08 PM

    We have got a school which has

    1000 students(this devices are not owned by school)

    200 Administrative(device owned by school, or personal deivces of the teachers)

     

    The students are not in the active directory

    They do have an email with google  and thats it.

     

    What would be the best way to implement this

     

    For the administrative  i could use onboard for personal devices of teachers(as they are on active directory there wont be any issue with that..

     

     

    For the student is my question

    how could i be able to log in the network using the google as an authorization  source(it is possible?)

     

    On another schoool they are using Clearpass Guest with Office 365 with clearpass guest with azure

    But im not sure we can do that here becuase is not office 365 and we cannot use the social media login  to restrict the domain to just the student domain(as we do not have the Azure option here) or there is any way???

     

    Maybe we coudl do it with onboard but we would need an authorization source  and we would need to use the google  email somehow in that

     

    Any ideas? of how you guys has done it ?

     

    Cheers

    Carlos

     



  • 2.  RE: Ideas for School Clearpass

    EMPLOYEE
    Posted May 08, 2017 12:11 PM
    Onboard with G Suite via SAML or OAuth2 just like Azure / Office 365.


  • 3.  RE: Ideas for School Clearpass

    Posted May 08, 2017 12:24 PM

    What are the requirementes for that?

    I dont know about the gmail platform....

     

    I just know that they use Gmail instead of office 365...

     

    What do i need to ask the client to see if they can use that

     

    As an additoonal question

    It is possible to do what i do with office 365 with azure which im able to restrict the social media registration to one domain??? i mean using Gmail

     

    Cheers

    Carlos

     



  • 4.  RE: Ideas for School Clearpass

    EMPLOYEE
    Posted May 08, 2017 12:30 PM
    It's nearly identical. In the API configuration in G Suite, you should be able to restrict it to the tenant. Otherwise you can write a rule in your RADIUS service.


  • 5.  RE: Ideas for School Clearpass

    Posted May 08, 2017 12:38 PM

    Okay thats if i do it with the clearpass guest and social media login

     

    If i do it with onboard. what requirement from Gmail do they need to use the onboard?

     

    Cheers

    Carlos



  • 6.  RE: Ideas for School Clearpass

    EMPLOYEE
    Posted May 08, 2017 12:42 PM
    It's the same config in ClearPass no matter where you use it.


  • 7.  RE: Ideas for School Clearpass

    Posted May 08, 2017 12:44 PM

    I mean in gmail not in clearpass

    I just want to be sure they dont need to buy something or that im missing something that they might not have(the clearpass is the least of my worries) :)



  • 8.  RE: Ideas for School Clearpass

    EMPLOYEE
    Posted May 09, 2017 08:19 AM

    Yes, same configuraton in the Google API Console.



  • 9.  RE: Ideas for School Clearpass

    Posted May 08, 2017 02:18 PM

    Here's a different twist on the previous post.  We have a K-12 that would like to use GSuite to onboard their shared Chromebooks using it's certificate (machine auth) instead of having students login with their ID's.  Can GSuite do that?  They have Clearpass, as an alternative can GSuite be made to reference a static host list there?