Security


Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

Clearpass Sponsored Guest access with specific AD groups

  • 1.  Clearpass Sponsored Guest access with specific AD groups

    Posted Oct 20, 2021 07:24 AM
    Hi all,

    I've set up guest access with sponsor approval, but our customer wants to limit the number of sponsors with an AD security group.
    Is this possible?

    Kind regards,

    ------------------------------
    Thomas Willems
    ------------------------------


  • 2.  RE: Clearpass Sponsored Guest access with specific AD groups

    Posted Oct 20, 2021 09:26 AM
    You can edit the Guest Operator Login service to assign operator privilege. You can assign the AD group you want to use a role, and match on that to enforce a guest operator role. The "admin-privileges" value will translate to what operator role in ClearPass Guest they will get.






    ------------------------------
    Dustin Burns
    Lead Mobility Engineer @WEI

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
    If my post was useful accept solution and/or give kudos
    ------------------------------



  • 3.  RE: Clearpass Sponsored Guest access with specific AD groups

    Posted Oct 20, 2021 09:33 AM
    Hi,

    That is 1 step, but in the guest portal the guest gets a dropdown for choosing his sponsor. 
    Is there a way to limit this?

    Kind regards,

    ------------------------------
    Thomas Willems
    ------------------------------



  • 4.  RE: Clearpass Sponsored Guest access with specific AD groups

    Posted Oct 20, 2021 09:35 AM
    If you're looking to limit the names that show up for a sponsor search in your registration form, see below for where to apply an LDAP filter for the lookup. You can use a filter like the one below to help only list the group you want to show up:

    (&
      (objectClass=user)
      (objectCategory=person)
      (|
        # Match users in any of these groups
        (memberOf=CN=Group1,OU=ou-name,DC=domain,DC=com)
        (memberOf=CN=Group2,OU=ou-name,DC=domain,DC=com)
        (memberOf=CN=Group3,OU=ou-name,DC=domain,DC=com)
      )
      (|
        # Match users by any of these criteria
        (sAMAccountName=*@SEARCH@*)
        (displayName=*@SEARCH@*)
        (cn=*@SEARCH@*)
        (sn=*@SEARCH@*)
        (givenName=*@SEARCH@*)
      )
    )






    ------------------------------
    Dustin Burns
    Lead Mobility Engineer @WEI

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
    If my post was useful accept solution and/or give kudos
    ------------------------------
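
An added example, not part of the original posts and not ClearPass code: a small helper that turns a sponsor-lookup filter in the multi-line, commented form shown in post 4 into a single-line RFC 4515 filter, so it can be checked against AD with a standard LDAP client before it is pasted into the form. It assumes `#` lines are comments and that `@SEARCH@` stands for the text typed in the sponsor search, as in the post; the function names and the sample group DN are hypothetical.

```python
# Constructed sample in the multi-line form used in the post above;
# the group DN is a placeholder, not a real directory entry.
TEMPLATE = """
(&
  (objectClass=user)
  (objectCategory=person)
  (|
    # Match users in any of these groups
    (memberOf=CN=Group1,OU=ou-name,DC=domain,DC=com)
  )
  (|
    # Match users by any of these criteria
    (sAMAccountName=*@SEARCH@*)
    (displayName=*@SEARCH@*)
  )
)
"""

# RFC 4515 section 3: these characters must be written as \XX inside a value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(term: str) -> str:
    """Escape a search term so it is matched literally and cannot alter the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in term)


def flatten(template: str, term: str) -> str:
    """Drop '#' comment lines and layout whitespace, then substitute the term."""
    lines = [ln.strip() for ln in template.splitlines()]
    body = "".join(ln for ln in lines if ln and not ln.startswith("#"))
    return body.replace("@SEARCH@", escape_value(term))


def balanced(flt: str) -> bool:
    """Check that the structural parentheses of a flattened filter nest correctly."""
    depth = 0
    for ch in flt:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0


if __name__ == "__main__":
    print(flatten(TEMPLATE, "smith"))
```

The printed filter can be passed to an LDAP client bound with the same account the sponsor lookup uses, to confirm that only members of the intended group are returned.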