Contributor I
Posts: 30
Registered: ‎08-21-2007

User management on onboarded devices

Currently in the process of testing ClearPass onboarding. We are successfully able to provision clients and they are functioning as expected. Two questions...

1) Is it possible to allow the users to self-manage the devices they have registered with the system? For example, if I set the maximum devices to 2, and they already have two devices configured, do they have the ability to remove one of those devices themselves and provision the new one? (i.e. I got a new iPhone 6, and I want to add it, but need to remove my 5s first)

I notice under onboarding there is a self-service portal... which I believe requires a BYOD operator role to use, but the documentation is not clear what the URL is or how to use it.

2) Is it possible to have onboarding remove the certificates from the user device? We have noticed that if we remove access, the user still has the certificates installed; they must manually remove the profiles on their device before they can join the network using their AD credentials to reprovision. (We are single SSID, so we auth with AD first, then pass to captive portal to enroll.) Any way around this?

Thanks!

Scott Miller
Guru Elite
Posts: 8,036
Registered: ‎09-08-2010

Re: User management on onboarded devices

1) Yes. If you assign the users the BYOD Operator role in CPG, they should be able to see their devices and delete them.

2) I don't believe this is possible.


Thanks,
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor I
Posts: 30
Registered: ‎08-21-2007

Re: User management on onboarded devices

I've been able to give the role BYOD Operator, but where does the user navigate to in order to manage their devices? Is there a specific URL?

Scott Miller
Guru Elite
Posts: 8,036
Registered: ‎09-08-2010

Re: User management on onboarded devices

/guest will bring them to the self-service portal after login.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor I
Posts: 30
Registered: ‎08-21-2007

Re: User management on onboarded devices

Yes, it then asks them for credentials, but upon login, doesn't show any devices. It shows their role as MacTrac Operator.

I'm thinking about just starting from scratch. Something isn't right.

Scott Miller
Guru Elite
Posts: 8,036
Registered: ‎09-08-2010

Re: User management on onboarded devices

You need to tweak your admin login service to put them in the BYOD Operator role.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Guru Elite
Posts: 8,036
Registered: ‎09-08-2010

Re: User management on onboarded devices

Can you confirm from your admin view that the usernames match exactly?

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor I
Posts: 30
Registered: ‎08-21-2007

Re: User management on onboarded devices

They now have the correct role when logging into /guest.

If I give the maximum number of devices allowed as 2 (for example) and they want to add a third, is there a way to direct the user to /guest for them to manage the device (guest/mdps_portal.php) automatically?

We really want to take much of the management out of IT's hands and automate the process to be seamless for the user. If they have added too many devices, we really want them to be directed to removing their own old devices without confusion.

Scott Miller