Security

last person joined: 4 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

ClearPass as two factor authenticator with SMS

Jump to Best Answer
  • 1.  ClearPass as two factor authenticator with SMS

    Posted Sep 04, 2018 09:20 AM

    Hi

     

    We would like to use Clearpass to perform two-factor authentication for a VPN box. The VPN box would send a radius request to Clearpass which authenticates the user against AD. Then Clearpass should send an SMS with the code to the users' number (AD telephone field?) which the users would have to input in a form. Is this possible? If yes, how would we be able to do this?

     



  • 2.  RE: ClearPass as two factor authenticator with SMS
    Best Answer

    Posted Sep 04, 2018 09:26 AM
    No, this is not possible without an MFA solution.


  • 3.  RE: ClearPass as two factor authenticator with SMS

    Posted Jul 10, 2019 04:11 AM

    Hi Tim.

     

    Is there any examples of how to integrate CPPM with 3rd party vpn devices that use CPPM for user authentication with 2FA with SMS ?

     



  • 4.  RE: ClearPass as two factor authenticator with SMS

    Posted Aug 22, 2019 03:51 AM

    Im stunned that this is not an option within Clearpass. I mean, they already have all the elements to make this work, eg: SMS engine, full control of the radius process, Access to AD.

     

    Im sad that I have to tell the customer that they have to keep a separate redundant NPS cluster running even after they have moved all auth to Clearpass, just to have MFA. Its annoying, when it seems you are 95% of the way to make it happen.

     

    How do I submit a feature request?



  • 5.  RE: ClearPass as two factor authenticator with SMS

    Posted Aug 22, 2019 03:57 AM

    Hi

    To file a feature request, go to: https://innovate.arubanetworks.com/

     



  • 6.  RE: ClearPass as two factor authenticator with SMS

    Posted Aug 22, 2019 04:17 AM

    Done, please upvote if anyone find this useful as well.

    https://innovate.arubanetworks.com/ideas/SEC-I-1197



  • 7.  RE: ClearPass as two factor authenticator with SMS

    Posted Aug 22, 2019 01:18 PM

    I'll add the same response here for benefit of others:

     

    "SMS is not a recommend second factor. NIST has recommended against its use. Stronger second factors should be used (and are already supported in CPPM). The SMS functionality in Guest was designed for low risk usage like validating a guest's phone number. We do not have plans to extend this feature."



  • 8.  RE: ClearPass as two factor authenticator with SMS

    Posted Sep 20, 2019 04:11 AM

    A lot of customers use SMS as a two factor for the internal users.

     

    Is there guides and support for integrating other "phone authentication" methods, like Google Authenticator or similar apps you can have on the phone. What are the Aruba recommendations for 2FA or Multi Authentication ?