Yes, that works.
Trust the corresponding CA in ClearPass and deactivate the authorization in the Authentication Method.
Be careful: the authentication method applies to all authentication requests processed by the service.
You can create a dedicated service for these requests.
The Intune ID is probably used as the user name. You can filter the user name in the service rule with a regex.
------------------------------
Regards,
Waldemar
ACCX # 1377, ACEP, ACX - Network Security
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------
Original Message:
Sent: Mar 17, 2024 05:25 PM
From: aurioonius
Subject: 802.1x without AD
Hello,
Is it possible to create a service with Authentication only based on the client presenting a valid Device certificate that is trusted by ClearPass?
Devices are managed by MS Intune and they are not in on-prem AD. Certificates are issued to devices by on-prem CA + Intune (with Intune Certificate Connector app).
We would like to have a service where ClearPass checks the client's certificate and, if it is valid, gives access to the network. What should we select as the Authentication source?
We only have entry licenses, so we cannot install the ClearPass-Intune extension.