Security

Hi Experts,

Using Okta for cloud identity provider as shown in this guide ClearPass_Configuration-Guide_Onboard-Cloud-Identity-Providers_v2018-01.pdf it is possible to perform the onboard process of the device using Okta credentials. A certificate will be issued and a network profile will be configured in the device.

The next step, the device will connect to an SSID with 802.1X EAP-TLS.

To complete this task a new service on the clearpass needs to be created to authenticate with the EAP-TLS method.
My question is about which authentication source should I use on this service to successfully authenticate the device.? Onboard Device Repository, Local Endpoint Repository, etc. Any Idea?

Thank you,

Hi Experts,

Using Okta for cloud identity provider as shown in this guide ClearPass_Configuration-Guide_Onboard-Cloud-Identity-Providers_v2018-01.pdf it is possible to perform the onboard process of the device using Okta credentials. A certificate will be issued and a network profile will be configured in the device.

The next step, the device will connect to an SSID with 802.1X EAP-TLS.

To complete this task a new service on the clearpass needs to be created to authenticate with the EAP-TLS method.
My question is about which authentication source should I use on this service to successfully authenticate the device.? Onboard Device Repository, Local Endpoint Repository, etc. Any Idea?

Thank you,

For the Onboard pre-auth service, the auth source is not required, but for EAP-TLS authentication using Aruba 802.X Wireless service, it requires me to specify at least one auth source.

I tried to add some for test and got this message on the access: EAP-TLS: Authentication failure, unknown user. 

I confirmed in the Clearpass Onboard user/certs and they are there for this user, but auth failed.

Because of this message, I did double-check what would be the correct auth source. 

Hi Experts,

Using Okta for cloud identity provider as shown in this guide ClearPass_Configuration-Guide_Onboard-Cloud-Identity-Providers_v2018-01.pdf it is possible to perform the onboard process of the device using Okta credentials. A certificate will be issued and a network profile will be configured in the device.

The next step, the device will connect to an SSID with 802.1X EAP-TLS.

To complete this task a new service on the clearpass needs to be created to authenticate with the EAP-TLS method.
My question is about which authentication source should I use on this service to successfully authenticate the device.? Onboard Device Repository, Local Endpoint Repository, etc. Any Idea?

Thank you,

For the Onboard pre-auth service, the auth source is not required, but for EAP-TLS authentication using Aruba 802.X Wireless service, it requires me to specify at least one auth source.

I tried to add some for test and got this message on the access: EAP-TLS: Authentication failure, unknown user. 

I confirmed in the Clearpass Onboard user/certs and they are there for this user, but auth failed.

Because of this message, I did double-check what would be the correct auth source. 

Hi Experts,

Using Okta for cloud identity provider as shown in this guide ClearPass_Configuration-Guide_Onboard-Cloud-Identity-Providers_v2018-01.pdf it is possible to perform the onboard process of the device using Okta credentials. A certificate will be issued and a network profile will be configured in the device.

The next step, the device will connect to an SSID with 802.1X EAP-TLS.

To complete this task a new service on the clearpass needs to be created to authenticate with the EAP-TLS method.
My question is about which authentication source should I use on this service to successfully authenticate the device.? Onboard Device Repository, Local Endpoint Repository, etc. Any Idea?

Thank you,

For the Onboard pre-auth service, the auth source is not required, but for EAP-TLS authentication using Aruba 802.X Wireless service, it requires me to specify at least one auth source.

I tried to add some for test and got this message on the access: EAP-TLS: Authentication failure, unknown user. 

I confirmed in the Clearpass Onboard user/certs and they are there for this user, but auth failed.

Because of this message, I did double-check what would be the correct auth source. 

Hi Experts,

Using Okta for cloud identity provider as shown in this guide ClearPass_Configuration-Guide_Onboard-Cloud-Identity-Providers_v2018-01.pdf it is possible to perform the onboard process of the device using Okta credentials. A certificate will be issued and a network profile will be configured in the device.

The next step, the device will connect to an SSID with 802.1X EAP-TLS.

To complete this task a new service on the clearpass needs to be created to authenticate with the EAP-TLS method.
My question is about which authentication source should I use on this service to successfully authenticate the device.? Onboard Device Repository, Local Endpoint Repository, etc. Any Idea?

Thank you,