Security

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

Okta and 802.1X authentication

  • 1.  Okta and 802.1X authentication

    Posted 14 days ago

    Hi Experts,

    Using Okta as a cloud identity provider, as shown in the guide ClearPass_Configuration-Guide_Onboard-Cloud-Identity-Providers_v2018-01.pdf, it is possible to perform the onboard process of the device using Okta credentials. A certificate will be issued and a network profile will be configured on the device.

    As the next step, the device will connect to an SSID with 802.1X EAP-TLS.

    To complete this task, a new service on ClearPass needs to be created to authenticate with the EAP-TLS method.
    My question is about which authentication source I should use on this service to successfully authenticate the device: Onboard Device Repository, Local Endpoint Repository, etc. Any idea?

    Thank you,




  • 2.  RE: Okta and 802.1X authentication

    Posted 13 days ago
    You don't use an Authentication Source.

    ------------------------------
    Tim C
    ------------------------------



  • 3.  RE: Okta and 802.1X authentication

    Posted 13 days ago

    For the Onboard pre-auth service, the auth source is not required, but for EAP-TLS authentication using the Aruba 802.1X Wireless service, it requires me to specify at least one auth source.

    I tried to add some for testing and got this message on the access: EAP-TLS: Authentication failure, unknown user.

    I confirmed in the ClearPass Onboard user/certs and they are there for this user, but auth failed.

    Because of this message, I did double-check what would be the correct auth source.

  • 4.  RE: Okta and 802.1X authentication

    Posted 13 days ago
    You need to create a new EAP-TLS method with authorization disabled.

    ------------------------------
    Tim C
    ------------------------------



  • 5.  RE: Okta and 802.1X authentication

    Posted 13 days ago
    Thank you. I will test and post the results here.





  • 6.  RE: Okta and 802.1X authentication

    Posted 12 days ago
    Thanks a lot, Tim.
    The authentication worked with a new EAP-TLS method with authorization disabled.