Security

Hi,

Looking for some advice.  Currently we have onguard set up to use windows credentials passthru but the new windows builds are using pin as part of windows hello.  We are experiencing issues with failed authentications for windows machines due to this.  Is there any way to authenticate onguard using the pin or any future updates that would help resolve this?

Thanks

------------------------------
Alistair Wilkie
------------------------------

The idea of Windows Hello PIN, is that that is local to your computer and not tied to the password... which means that you cannot use that to authenticate against ClearPass. Users should enter their AD account password for OnGuard, and while not tested in combination with Hello, you should be able to configure Windows SSO for OnGuard to overcome this issue.

If that doesn't work, please open a TAC case or have your local Aruba SE reach out to the product management team, as the request in itself sounds fair to me.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Nov 17, 2021 08:49 AM
From: Alistair Wilkie
Subject: Windows Pin with Onguard

Hi,

Looking for some advice.  Currently we have onguard set up to use windows credentials passthru but the new windows builds are using pin as part of windows hello.  We are experiencing issues with failed authentications for windows machines due to this.  Is there any way to authenticate onguard using the pin or any future updates that would help resolve this?

Thanks

------------------------------
Alistair Wilkie
------------------------------

Thanks for replying.  We have SSO turned on for OnGuard and with our older Windows builds that are not using Hello are working fine and automatically logging into OnGuard.  It is only the new machines that are failing authentication as I believe the Pin number is being passed through to OnGuard.  Do you have any configuration plans I could look at to see if there is something amiss in our setup?

------------------------------
Alistair Wilkie
------------------------------

Original Message:
Sent: Nov 18, 2021 07:48 AM
From: Herman Robers
Subject: Windows Pin with Onguard

The idea of Windows Hello PIN, is that that is local to your computer and not tied to the password... which means that you cannot use that to authenticate against ClearPass. Users should enter their AD account password for OnGuard, and while not tested in combination with Hello, you should be able to configure Windows SSO for OnGuard to overcome this issue.

If that doesn't work, please open a TAC case or have your local Aruba SE reach out to the product management team, as the request in itself sounds fair to me.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Nov 17, 2021 08:49 AM
From: Alistair Wilkie
Subject: Windows Pin with Onguard

Hi,

Looking for some advice.  Currently we have onguard set up to use windows credentials passthru but the new windows builds are using pin as part of windows hello.  We are experiencing issues with failed authentications for windows machines due to this.  Is there any way to authenticate onguard using the pin or any future updates that would help resolve this?

Thanks

------------------------------
Alistair Wilkie
------------------------------

I'm not aware of plans with Windows Hello, and it's the first time that I hear this. I can imagine that it is incompatible, but don't know and never tested it.

Please open a TAC Support case to have the issue investigated.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Nov 19, 2021 05:12 AM
From: Alistair Wilkie
Subject: Windows Pin with Onguard

Thanks for replying.  We have SSO turned on for OnGuard and with our older Windows builds that are not using Hello are working fine and automatically logging into OnGuard.  It is only the new machines that are failing authentication as I believe the Pin number is being passed through to OnGuard.  Do you have any configuration plans I could look at to see if there is something amiss in our setup?

------------------------------
Alistair Wilkie

Original Message:
Sent: Nov 18, 2021 07:48 AM
From: Herman Robers
Subject: Windows Pin with Onguard

The idea of Windows Hello PIN, is that that is local to your computer and not tied to the password... which means that you cannot use that to authenticate against ClearPass. Users should enter their AD account password for OnGuard, and while not tested in combination with Hello, you should be able to configure Windows SSO for OnGuard to overcome this issue.

If that doesn't work, please open a TAC case or have your local Aruba SE reach out to the product management team, as the request in itself sounds fair to me.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Nov 17, 2021 08:49 AM
From: Alistair Wilkie
Subject: Windows Pin with Onguard

Hi,

Looking for some advice.  Currently we have onguard set up to use windows credentials passthru but the new windows builds are using pin as part of windows hello.  We are experiencing issues with failed authentications for windows machines due to this.  Is there any way to authenticate onguard using the pin or any future updates that would help resolve this?

Thanks

------------------------------
Alistair Wilkie
------------------------------