last person joined: 2 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

ClearPass CA & MDM

  • 1.  ClearPass CA & MDM

    Posted 15 days ago
    Hello everybody.

    I'd like to know if ClearPass would work in this scenario:

    • Azure AD (or AADDS if required)
    • Third-party MDM/EMM service
    • ClearPass RADIUS & Certificate Authority

    Would ClearPass be able to work as the CA and hand out certificates for the MDM service to install them automatically on client devices? EAP-TLS so not really any need to authenticate individual users, but to provision new devices through a separate provisioning network and then connect with the certificate to the production network.

  • 2.  RE: ClearPass CA & MDM

    Posted 15 days ago

    You can use ClearPass OnBoard CA for clients certificate enrolment over SCEP. Please refer to the "SCEP setup" in ClearPass EMM integration guide.

    Tech Note ClearPass EMM Integration V5

    Saravanan Rajagopal

  • 3.  RE: ClearPass CA & MDM

    Posted 12 days ago
    Thanks! Are there any other resources for using ClearPass this way? Most guides seem to give examples for using the Onboard web-interface.

  • 4.  RE: ClearPass CA & MDM

    Posted 9 days ago

    Only ClearPass OnBoard can service SECP/EST enrolment.
    You could get the certificate signed via RESTApi, but again this will use one of the OnBoard CAs to sign the client certificate.

    Saravanan Rajagopal

  • 5.  RE: ClearPass CA & MDM

    Posted 8 days ago
    Just to add to Saravanan post, just be aware to achieve cert-enrollment via EST/SCEP to an MDM might require you to 'expose' your CPPM to the WWW especially if the MMD Mgmt is cloud based, while not perfect its a consideration you need to consider in planning to lock the process down.

    Danny Jump

  • 6.  RE: ClearPass CA & MDM

    Posted 5 days ago
    That's good to know, thanks.