ClearPass last login data

  • 1.  ClearPass last login data

    Posted 11 days ago
    Hello!

    Today we have an MFA authentication source that is working as expected for all of our administrative access. However, we are studying a way to not ask for the MFA in some situations, like heavy users that access a lot of equipment throughout the day.

    We thought about something like "If there was an approval from this same user + source IP in the last 1 hour, don't prompt the token authentication".

    I can think through the logic of it, but cannot find where I could get the data itself to apply actions. Any ideas?

    Thanks in advance.

    Luiz

    ------------------------------
    Everson Santos Junior
    ------------------------------


  • 2.  RE: ClearPass last login data

    Posted 10 days ago
    I would think that this should be possible with a custom query to the Insight database. Your Aruba partner or Aruba support may be supportive in this.

    Sometimes you can do this as well in the MFA solution itself, as that is the place where you see all actions from a user and decide on the required authentication steps.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: ClearPass last login data

    Posted 10 days ago
    Hi Herman!

    I looked and Duo doesn't have "Remember me" for standard RADIUS applications. What I thought was whether there is a way to capture from ClearPass the last time the user (and maybe some other RADIUS attributes) got a positive hit on the ClearPass service that has the Duo factor activated.

    If I could get that, wouldn't it be possible to do something like "if the time difference between now and the last time the user got a positive hit is less than an hour, give a RADIUS Access-Accept"?

    Thanks in advance.
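
The rule proposed in this thread, as an added sketch that is not part of any post and is not ClearPass, Insight or Duo code. The record fields (`user`, `src_ip`, `ts`, `mfa`) and the sample log are constructed assumptions; only a real MFA approval for the same user and source IP starts the one-hour window, so skipped prompts never extend it.

```python
from datetime import datetime, timedelta

MFA_WINDOW = timedelta(hours=1)  # the "last 1 hour" from the thread

# Constructed sample records; field names are hypothetical, not an Insight schema.
AUTH_LOG = [
    {"user": "alice", "src_ip": "10.0.0.5", "ts": datetime(2024, 1, 1, 9, 0), "mfa": "approved"},
    {"user": "alice", "src_ip": "10.0.0.5", "ts": datetime(2024, 1, 1, 9, 40), "mfa": "skipped"},
    {"user": "alice", "src_ip": "10.0.0.9", "ts": datetime(2024, 1, 1, 9, 45), "mfa": "approved"},
    {"user": "bob", "src_ip": "10.0.0.5", "ts": datetime(2024, 1, 1, 9, 50), "mfa": "denied"},
]


def last_mfa_approval(log, user, src_ip, now):
    """Return the newest real MFA approval for this exact user + source IP pair."""
    hits = [
        r["ts"]
        for r in log
        if r["user"] == user
        and r["src_ip"] == src_ip
        and r["mfa"] == "approved"  # "skipped" and "denied" never count
        and r["ts"] <= now          # ignore records dated in the future
    ]
    return max(hits, default=None)


def mfa_required(log, user, src_ip, now, window=MFA_WINDOW):
    """True when the token prompt must be shown, False when it may be skipped."""
    last = last_mfa_approval(log, user, src_ip, now)
    # Fail closed: no prior approval, or an approval older than the window.
    return last is None or now - last >= window


if __name__ == "__main__":
    for user, ip, hh, mm in [("alice", "10.0.0.5", 9, 30),
                             ("alice", "10.0.0.5", 10, 5),
                             ("alice", "10.0.0.20", 9, 30),
                             ("bob", "10.0.0.5", 9, 55)]:
        now = datetime(2024, 1, 1, hh, mm)
        print(user, ip, now.time(), "MFA required:", mfa_required(AUTH_LOG, user, ip, now))
```

Because the window is anchored to the last approval rather than the last login, a heavy user is prompted again at most one hour after each real approval, however many logins were skipped in between.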


  • 4.  RE: ClearPass last login data

    Posted 9 days ago
    That information can probably be pulled from Insight. What might complicate things is that the authentication sources are tied to the service, and I don't think it's easy to filter your services based on Insight queries.

    I don't have a canned answer. It may be possible, but it is best to work through your Partner/TAC/Local Aruba SE to get this type of functionality validated.

    ------------------------------
    Herman Robers
    ------------------------------