03-31-2015 02:59 PM
Currently in the process of testing clearpass onboarding. We are successfully able to provision clients and they are functioning as expected. Two questions...
1) Is it possible to allow the users to self manage the devices they have registered with the system? For example, if I set the maximum devices to 2, and they already have two devices configured, do they have the ability to remove one of those devices themselves and provision the new one? (i.e. I got a new iphone 6, and I want to add it, but need to remove my 5s first)
I notice under onboarding there is a self-service portal... which I believe requires a BYOD operator role to use, but the documentation is not clear what the url is or how to use it.
2) Is it possible to have onboarding remove the certificates from the user device? We have noticed that if we remove access, the user still has the certificates installed, they must manually remove the profiles on their device before they can join the network using their AD credentials to reprovision. (we are single ssid, so we auth with AD first, then pass to captive portal to enroll) Any way around this?
03-31-2015 03:02 PM
2) I don't believe this is possible.
04-01-2015 01:58 PM - edited 04-01-2015 01:58 PM
Yes, it then asks them for credentials, but upon login, doesn't show any devices. It shows their role as MacTrac Operator.
I'm thinking about just starting from scratch. Something isn't right.
04-02-2015 08:02 AM - edited 04-02-2015 08:03 AM
They now have the correct role when logging into /guest.
If I give the maximum number of devices allowed as 2 (for example) and they want to add a third, is there a way to direct the user to /guest for them to manage the device (guest/mdps_portal.php) automatically?
We really want to take much of the management out of IT's hands and automate the process to be seamless for the user. If they have added too many devices, we really want them to be directed to removing their own old devices without confusion.