12-22-2016 07:38 AM
Hi: There are a number of roles that do not show up in the Roles tab, but are available when creating enforcement policies. Among these are [User Authenticated] and [Machine Authenticated].
I have not been able to find a description of these roles.
Can they be reliably used for enforcement? Is every authenticated user given the [User Authenticated] role? Is every AD member computer given the [Machine Authenticated] role? Any other gotchas with these roles?
If I missed something in the CPPM user guide, please feel free to point me there.
12-22-2016 07:41 AM
User Authenticated will vary based on the type of authentication. When working with 802.1X, this means that a user account was authenticated.
[Machine Authenticated] will be mapped when a computer account authenticates against the domain successfully.
12-22-2016 08:30 AM
Is this documented anywhere? I only see one reference to these roles in the User Guide, and that's in a chart in the enforcement policy simulation section.
12-23-2016 07:52 AM
And I'm wondering about the use of the [User Authenticated] role...
If we create a role called "financeMember" and map it via something like:
Authorization: domain.com AD:memberOf EQUALS finance
and then use that role in an enforcement policy... do we also need to check for the [User Authenticated] role?
i.e.: if AD returns the group membership info, don't we know that the user is authenticated?
12-23-2016 07:57 AM
Aruba Customer Engineering
12-23-2016 08:01 AM
When the machine boots up, it will machine authenticate. When the user logs in, it will user authenticate. The Machine Authenticated token will be cached and can be used to write a policy that says Machine + User do X.