Please try to work with Aruba Support; they may have a workaround. I did find somewhere internal that for Okta in this admin login, the switch needs to support challenge-response for RADIUS and Admin access. It may be that the Aruba OS switches don't support that, but that's also something that TAC can verify.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Dec 14, 2021 08:11 AM
From: Saiyam Mehra
Subject: Integrate Okta with Clearpass for RADIUS and TACACS MFA
I am trying to do something similar but instead of using Duo, I am trying to use Okta MFA with Aruba OS switches.
------------------------------
Saiyam Mehra
Original Message:
Sent: Dec 11, 2021 04:20 AM
From: Alex Sharaz
Subject: Integrate Okta with Clearpass for RADIUS and TACACS MFA
Certainly had it working with Duo for logging into a switch on ArubaOS and ComWare switches. Is that what you want to do?
Didn't work so well for RSA tokens but didn't investigate that too far
A
------------------------------
Alex Sharaz
Original Message:
Sent: Dec 10, 2021 10:19 AM
From: Saiyam Mehra
Subject: Integrate Okta with Clearpass for RADIUS and TACACS MFA
Hi
I am trying to integrate Okta Token Server with the CPPM for the RADIUS and TACACS requests for MFA. It is giving me some issues as the MFA works randomly for the login requests. The user will receive the push from Okta no matter what. But the CPPM logs say Error Code: "Internal error in performing authentication".
The alerts section says "Connection closed by remote end". I tried to look at the switch logs and it is marking the user account as invalid. I tried another switch and it is not even able to identify the user account and says it's an unknown user.
Could anyone guide me here? Also, if there is a guide on how to integrate Okta with ClearPass, can I get that if anyone knows about it?
Thanks
------------------------------
Saiyam Mehra
------------------------------