Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Onboarding Certificate Attributes

This thread has been viewed 3 times

  • 1.  Onboarding Certificate Attributes

    Posted Apr 17, 2018 12:29 PM

    Greetings all!

     

    We're wanting to have only certain people be able to onboard our enterprise owned devices.(our PC techs) I have this pretty much setup and seems to be working, however when one of our techs onboards a device the certificate issued in Onboard is issued to thier username.  I'm wanting machine authentication only as all our devices will be domain joined laptops and I don't care about which user is logged in. The issue is that when managing the certificates in Onboard we can't tell easily what device the certificates belong to, as it only shows the username.  Anyway to get this to be the windows computer name or a custom field on the login page that the tech can enter the computer name manually, instead of assigning it directly to the Onboard username?

     

    Any advice?

     

    Thanks!



  • 2.  RE: Onboarding Certificate Attributes

    EMPLOYEE
    Posted Apr 17, 2018 12:32 PM
    Onboard is designed for user to machine binding. There is really no concept of a machine identity cert today.


  • 3.  RE: Onboarding Certificate Attributes

    Posted Apr 18, 2018 02:06 PM

    Okay, thanks. So in order to do what we're wanting it sounds like ADCS is about the only way to do it?

     

    Thanks



  • 4.  RE: Onboarding Certificate Attributes
    Best Answer

    EMPLOYEE
    Posted Apr 18, 2018 02:09 PM
    For a true machine cert, yes.


  • 5.  RE: Onboarding Certificate Attributes

    Posted Apr 18, 2018 02:24 PM

    Thanks for the help.