This is exactly the same as any ClearPass environment: Officially you cannot do multi-tenant. This is because there is only one database for all the tenants – hence there is a potential for a tenant to learn information of another tenant's environment.
You can create a pseudo multi-tenant environment: This is reliant on using CPG Operator to control what they can view active sessions, disconnect/change-role of an active session, create/view/delete user accounts, create/view/delete devices. This is achieve by creating Operator Logins that restricts a Tenant to seeing his/her related users/devices/sessions.
However, this is all predicated on the basis that there is no overlap of NAS IP addresses between Tenants.
Attached is an old presentation I put together covering this type of approach.
Regards Derin
Principle ClearPass Engineer
Blue Sky Systems Limited
Tel: 03300 101 550
DDI: 03300 101 474
Mobile: 07749 100 180
Email: derin.mellor@blueskysystems.com
Web: www.blueskysystems.co.uk
Registered in England No: 8856125
Registered Office: Dorset House, Regent Park, 297-299 Kingston Road, Leatherhead, KT22 7PL
