We would like to allow our users to onboard personal devices which they would then be able to connect to a BYOD network.
Is it possible for us to authenticate their access to the self-service onboard pages using ADFS? If so, is there any guidance on how to do this?
Yes, you should be able to authenticate the users against AD. Just add the Authentication and Authorization sources of your AD server once you add it as a source in your On-Board Preauth and Auth services.
I know very little about AD so this is a bit of a minefield for me! I kind of understand that ADFS is some sort of SSO layer that allows federated AD access. What I'm not really clear on is how that makes it different from AD in terms of using it as an auth source. But it sounds like I should configure it as an authentication source in the same way that I would if it was an AD server, is that right?
Do I also have to add the ClearPass boxes to the AD domain or is that not necessary?
Thanks for your help with this,
Yes, you want to add the ClearPass servers to the domain.
You do not need to connect CPPM to Active Directory Domain Services to use ADFS. That's the point of ADFS.
Set up ADFS as the IdP for CPPM using SAML.
You should only ever join CPPM to an AD DS domain when using legacy authentication (PEAPv0/EAP-MSCHAPv2).
OK, thank you - actually this is more what I was expecting, I worded my question poorly. I'd better update the 'solution'.
I found the SSO Single Sign-On section under Identity in CPPM, I'm liaising with the chaps who run our ADFS so hopefully we can exchange info to complete this process.
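Added example, not written by any poster in this thread and not Aruba or Microsoft code: the information exchanged with the ADFS team for a SAML setup is normally the IdP's federation metadata, and this Python sketch pulls out the values a service provider needs from it and flags weak settings. The XML is constructed sample data, and `adfs.example.org`, `SAMPLE_METADATA` and `summarise_idp` are assumptions made for illustration.

```python
# Added example: summarise the IdP details in SAML 2.0 federation metadata.
# The XML below is constructed sample data; adfs.example.org is a placeholder.
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# The entityID is an identifier, not an endpoint, so its scheme is not checked.
SAMPLE_METADATA = """\
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="http://adfs.example.org/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>CONSTRUCTED-PLACEHOLDER</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.example.org/adfs/ls/"/>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://adfs.example.org/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def summarise_idp(metadata_xml):
    """Return entity ID, SSO endpoints, signing cert count and warnings."""
    root = ET.fromstring(metadata_xml)  # use defusedxml for untrusted input
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor (not an IdP)")
    # Key each endpoint by the short binding name, e.g. "HTTP-Redirect".
    endpoints = {sso.get("Binding").rsplit(":", 1)[-1]: sso.get("Location")
                 for sso in idp.findall("md:SingleSignOnService", NS)}
    certs = idp.findall(
        "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate",
        NS)
    # Login endpoints served over plain HTTP expose the SAML exchange in transit.
    warnings = [f"{b} endpoint is not HTTPS: {loc}"
                for b, loc in endpoints.items() if not loc.startswith("https://")]
    if not certs:
        warnings.append("no signing certificate: assertions cannot be verified")
    return {"entity_id": root.get("entityID"), "sso": endpoints,
            "signing_certs": len(certs), "warnings": warnings}
```
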