Security

Reply
Occasional Contributor II
Posts: 37
Registered: ‎03-15-2011

airgroup role mapping instant and cppm

Anyone got any good docs or references for mapping user roles on instant/controllers and cppm roles for airgroup?

I have just set up airgroup and the integration works great. In my scenario I would like to permit the use of an appletv to a presenter and deny it to guests.
Where im stuck is how to distiguish the presenter from the guests (guest role id was my first guess) and then how to enforce that seperation.

I know the airgroup-operator and airgroup-admin roles can do this on a seperate page, but that seems a bit clunky for this use case.

Any ideas?
Guru Elite
Posts: 8,774
Registered: ‎09-08-2010

Re: airgroup role mapping instant and cppm

Easiest way is to use the user roles. How are you determining the user is a presenter vs guest?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 37
Registered: ‎03-15-2011

Re: airgroup role mapping instant and cppm

[ Edited ]

Well, thats what I'm trying to understand.

 

Ideally I would like the Presenter to register (using Guest Self-Registration) and have reception add them into the Presenter Role. This would give them access to the Guest network (along with everyone else) with the added function of AirPlay.

 

What I don't understand is how the mapping of the 'Presenter' role matches up to, and validates, the AirGroup shared role (which is owned by the Instant/Controller AirGroup setting).

 

Does that make sense?

Perhaps someone has a sample config?

Guru Elite
Posts: 8,774
Registered: ‎09-08-2010

Re: airgroup role mapping instant and cppm

So if you create a new guest role of presenter, then create a user role on the controller / instant called presenter, then you can select the presenter role in the AirGroup shared device registration.

You'd also need to create the necessary logic in your enforcement policy to put the user into the user role (TIPS role equals presenter --- presenter-role-enf)

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 37
Registered: ‎03-15-2011

Re: airgroup role mapping instant and cppm

I'll give that a go in the morning. Its similar to what I already had, except I was using Endpoint:Guest Role ID instead of Tips:Role and Enforcement Profiles to map back to the Roles.

Guru Elite
Posts: 8,774
Registered: ‎09-08-2010

Re: airgroup role mapping instant and cppm

You can use that too as long as you are populating/updating that in your webauth service.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: