Security

last person joined: 5 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

ClearPass Survey / Consent for employees

Jump to Best Answer
  • 1.  ClearPass Survey / Consent for employees

    Posted Sep 08, 2020 11:38 AM

    Good morning everyone,

    We have a customer request to implement a COVID related survey form that would be required for employees to fill out every day before using the wireless.

     

    Although this seems like it would be a simple case of MAC Caching, I am having trouble as to how to implement the actual questions within a web login form, since these are AD users (so no self-registration portal). I am trying to avoid having a separate web server / DB with the survey info and would use the Endpoint database attributes to retain user answers (simple questions - last measure temperature, symptons, etc).

     

    I was considering using the pre-auth application service to store these, but my issue is how to relay this info from the login form when the user click submit, especially since I do not know html/java very well.

     

    Anybody every implement something like this?

     

    Thanks!

    RK



  • 2.  RE: ClearPass Survey / Consent for employees

    Posted Sep 08, 2020 03:43 PM

    Don't do this. A MAC address is not a user identity.



  • 3.  RE: ClearPass Survey / Consent for employees
    Best Answer

    Posted Sep 10, 2020 08:42 AM

    Have not heard people doing this before. What you could try in this case is to redirect people through a MAC Registration process and have them log in to sponsor their own MAC address. Add some additional fields to get your data, which will be stored in the Guest Device Database.

     

    You might use the sponsored guest registration flow as well to let users sponsor their-selves and use AD login to link the responses to a specific user.

     

    Note that a captive portal will be intrusive for the end-user and for just getting on the network may be too annoying for people to actually use it.



  • 4.  RE: ClearPass Survey / Consent for employees

    Posted Sep 10, 2020 08:51 AM

    Thanks for the help!

     

    And I do agree, a MAC address is not an identity, but would serve a temporary purpose.

     

    In the end, we decided to add an external web-page and DB for this function which will be consulted by ClearPass.

     

    -RK