Contributor I

Onboard with Microsoft Azure as IdP

Hello community,

 

I'm testing device onboarding with Microsoft Azure as the identity provider (using OAuth 2.0). I followed the guideline "Onboard and Cloud Identity Providers" to set things up, but I'm getting the error below when trying to access the Onboard page:

[Attached image: 1.PNG]

I'm not sure which field is unavailable (per the error message) or how to proceed. I'd really appreciate it if someone could help me with this.

 

Thank you very much,

 

Guru Elite

Re: Onboard with Microsoft Azure as IdP

Are you being redirected as part of an Onboard flow or did you just manually go to it in your browser?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: Onboard with Microsoft Azure as IdP

Hi Tim,

 

I was just browsing to the onboard page manually (typing the URL https://mydomain/guest/device_provisioning.php into my browser). Was that the problem?

 

Thanks,

Guru Elite

Re: Onboard with Microsoft Azure as IdP

Yes. There are parameters added during redirection that are required.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: Onboard with Microsoft Azure as IdP

So, I need to set up a real captive portal (pointing to the onboard page) for this to work? Is that correct?

 

I'm using a Cisco wireless controller for testing. Can this solution work with Cisco, or does it have to be an Aruba device?

Guru Elite

Re: Onboard with Microsoft Azure as IdP

Yes. ClearPass is a multivendor product.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: Onboard with Microsoft Azure as IdP

Hi,

 

We've tested SSO with Azure successfully. Now I'm planning to use Endpoint:social attributes in the Endpoint repository to authorize users, in place of LDAP. Is that possible? And do these endpoint attributes ever expire and get cleaned up on CPPM?

 

Thank you,

Guru Elite

Re: Onboard with Microsoft Azure as IdP

Yes, you can use them in policy. They are only refreshed during a new OAuth 2.0 login event by the user on the device.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: Onboard with Microsoft Azure as IdP

Hi Tim,

 

That means if users change their department, they have to re-onboard their devices in order to receive new attributes and the new (updated) policy. Right?

 

Thank you,

Contributor I

Re: Onboard with Microsoft Azure as IdP

There's a new issue I've found with SSO onboarding. It looks like it does not work with Ubuntu devices, because when I download the certificate and extract it with openssl, it complains that the import password is invalid (though I'm sure I entered the correct one). Could you please give me some advice? The number of Ubuntu users in my company is pretty high, so this is quite a serious issue.

 

Thank you,
