Security

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

Azure AD as ClearPass Authentication Source for TACACS+

  • 1.  Azure AD as ClearPass Authentication Source for TACACS+

    Posted Jun 01, 2021 03:53 PM
    Hello,

    I am working on a NAC project where the client is migrating to MS Azure AD and Intune.
    At the moment, we have successfully integrated ClearPass with Intune (through the Intune extension), and Azure AD for SSO with SAML and Guest Social login with OAuth2.

    Now we are trying to configure TACACS+ for secure login to network devices.
    Is there any other way to add Azure AD to ClearPass Authentication sources and use it as a TACACS+ Auth source other than LDAPS (enabling MS Azure AD Domain Services)? Maybe with some Extension or API, using the OAuth2 protocol?

    For example, similar to how it is done with Intune, where you configure Authentication Source Type HTTP and point the Base URL to the Intune Extension IP.

    Thanks for any thoughts!



    ------------------------------
    Kestutis Viršilas
    ------------------------------


  • 2.  RE: Azure AD as ClearPass Authentication Source for TACACS+

    Posted Jun 01, 2021 04:09 PM
    You should use SSH public key authentication. Legacy authentication methods should never be used.

    ------------------------------
    Tim C
    ------------------------------