You should always use dual SSID Onboarding and integrate with your existing unified login workflow (SSO).
like i said, there is the possibility that the user connected to a rogue AP and provide them the AD credential. for integration with existing SSO, any link related to this?
i am thinking about another workflow for secure onboard provisioning:
let say the user first complete guest registration like any other guests do. After that they will sign in using the credential sent to their email.
After this, Clearpass will use two different workflow for guest and BYOD by checking the email domain entered in the guest registration. If the domain is the user corporate domain, letsay xyz.com, then clearpass will redirect the user to onboarding portal, otherwise they will automatically get internet access. This will ensure the user to fill AD credential on onboarding portal to the correct corporate WLAN
can we do this?
How are you preventing these concerns for ANY other web-based login in your environment?
The recommended Onboard flow is:
I'm not really following how your proposed workflow works / solves anything.
Thank you!, i will check with the user with this SSO integration possibility
But how do they get the guest credential? What's to stop a guest from getting an account?
By using sponsor approval?
we can set the all guest (including BYOD user) to fill their PIC for sponsol approval and limited to the corporate xyz.com email domain. For BYOD case, they can fill their own corporate email as their sponsor and approve it by themself, then they will get the credential sent to their email. If they enter their corporate email for their identity in the guest registration, they will be redirected to onboard, otherwise they will only get ordinary guest rule which is internet access only and not being redirected to onboarding.
yes yes correct, it doesn't make sense
i will try with the best practice as you described above,
and if not possible maybe thats when the wips solution will come into play
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.