Azure AD is different than on-premise AD, which can be queried through LDAP. There are basically 5 options that I'm aware of:
1) Use single sign-on to let the client authenticate to your Azure AD (web based) and get authorization information from the grants. Doesn't work for EAP-TLS, but does work for Onboard or Guest scenarios.
2) If the device is enrolled in Intune, use the Intune extension to get the authorization info from Intune.
3) Use Azure AD Sync to sync to a local on-premise AD, and integrate with LDAP to there.
4) Deploy Azure AD Directory Services, which provides LDAP connectivity direct to the Azure cloud.
5) Use authorization attributes from the used client certificate.
The Onboarding scenario is described in detail in Onboard and Azure Active Directory (Configuration Guide: Onboard and Cloud Identity Providers); check the latest version on arubanetworks.com/clearpassdocs
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Oct 15, 2021 01:50 AM
From: Milind Yashwantrao
Subject: ClearPass integration with Azure AD for 802.1x auth
Hello All,
I have gone through all the Aruba documents and YouTube videos for ClearPass integration with Azure AD, but I can't find any user-friendly information on this integration.
I have 2 questions, as below:
1) How do I add Azure AD as an authentication and authorization source for 802.1x authentication? Is it the same as on-premise AD, or what? Most of the documents talk about either Intune integration or ClearPass Onboard to provide a Microsoft Azure certificate. We have client certificates already installed on the end devices.
2) I want to use ClearPass Onboarding, where ClearPass will act as CA, so how do I use Azure Active Directory as the authentication source? I heard that Azure AD does not allow username password authentication. Can we add Azure AD as a source in Onboard services the same as on-premise AD, or is any special configuration required in Onboard services?