Aruba Cloud Auth - Azure AD Aruba Central Integration

  • 1.  Aruba Cloud Auth - Azure AD Aruba Central Integration

    Posted Jun 21, 2024 01:01 PM

    Hello guys, I have a question regarding this.

    I have already set this up without issues. It is running fine, everyone is onboarding their TLS certificate for 1 year, and it's all good.

    Here is the question:

    For the next year we will have to create a new cloud auth secret so that Aruba Central can authenticate again for another year? And also I guess everyone will need to onboard AGAIN with the application of the certificate for all the devices.

    I believe that the time of the certificate depends on the auth secret, right?



  • 2.  RE: Aruba Cloud Auth - Azure AD Aruba Central Integration

    Posted Jun 24, 2024 08:15 AM

    In the Aruba Onboard app there is an option to refresh the profile.

    I tested it and it also does change the certificate expiration date.

    Following screenshot would be helpful.

    Step 1: Right-click (on a laptop) on the network profile; on a smartphone, swipe to the right and you should be able to get the network refresh option.


    Click on Refresh and the last updated section should change - as you can follow in the below screenshot.



    Under certmgr - expiration date should change to the current date.


    Hope it helps!



    ------------------------------
    Regards, Sajin
    ACMX, ACX-CA
    ------------------------------



  • 3.  RE: Aruba Cloud Auth - Azure AD Aruba Central Integration

    Posted Jun 24, 2024 03:46 PM

    So the process would be: create a new cloud auth secret so that Aruba Central can authenticate again for another year, and after that use the refresh button on the app that is installed on the machines.

    Let me know if I'm missing something.

    Thanks

    Carlos




  • 4.  RE: Aruba Cloud Auth - Azure AD Aruba Central Integration

    Posted Jun 25, 2024 04:27 PM

    Also, I forgot to tell you that my application didn't look like that and I didn't have the refresh button.

    What I did to test was that if he installed the app again and re-ran it, it gave him a new certificate with a new expiry date of one more year.

    About the client's secret, I guess I just need to create a new one on Azure and then on Central. It will give me the option to show and after that I can conceal it; the password it was showing was not the client secret. So I'm confused.

    I didn't want to try to delete it because I'm not doing that work yet, but I guess I can delete it and put in the new one, right?




  • 5.  RE: Aruba Cloud Auth - Azure AD Aruba Central Integration

    Posted Jun 25, 2024 04:46 PM

    No, once the IdP (Azure) is connected there is no need to change the secret after 12 months.

    Network refresh will update the certificate.

    Refresh works for me on different types of devices.

    Are you testing on a laptop/smartphone?



    ------------------------------
    Regards, Sajin
    ACMX, ACX-CA
    ------------------------------



  • 6.  RE: Aruba Cloud Auth - Azure AD Aruba Central Integration

    Posted Jun 25, 2024 04:55 PM

    Hello,

    My client's secret expires soon, at the end of this month. I did this integration last year; that's why I was asking if the only thing I needed to do was create a new client secret, go to Aruba Central, change that client secret and save the change.

    The device is Windows, but the app doesn't look like yours; it doesn't say Central.

    They are using Aruba OS 8 and not Aruba OS 10, not sure if it's because of this.

    Thanks!




  • 7.  RE: Aruba Cloud Auth - Azure AD Aruba Central Integration

    Posted Jun 25, 2024 04:58 PM

    Wait

    Yours says NEW Central.

    I'm not using the new Central or trying the new Central out, maybe it is because of that?




  • 8.  RE: Aruba Cloud Auth - Azure AD Aruba Central Integration

    Posted Jun 26, 2024 03:38 AM

    Not really - that is on AOS 10 but not using the new Central.
    Shouldn't matter though - the client secret is for the application, so you can do it without causing disruption to the client.

    Additionally, there is a custom option for client secret expiry which could be used to set a longer expiry.



    ------------------------------
    Regards, Sajin
    ACMX, ACX-CA
    ------------------------------



  • 9.  RE: Aruba Cloud Auth - Azure AD Aruba Central Integration

    Posted Jun 26, 2024 03:31 AM

    If your Entra ID Client Secret expires at the end of this month, make sure that you create a new secret as soon as possible and enter that in Central.

    Your Entra ID Client Secret (API) needs to be continuously valid. It's for the connection between Central and Entra ID (Azure), and is fully independent from the client profile.

    If your client secret in Entra ID expires, create a new one (with + New client secret) and enter that in your Central Authentication & Policy configuration:

    You can create a secret with up to 2 year validity, and can create as many as you want, so if you prefer the default validity of 1 year, you could create a new secret every 6 months for example to have a remaining validity of at least 6 months every time.

    If your client secret expires, I'd expect new clients no longer to be able to onboard/get new certificates (note certificates will be 1 year valid, regardless of the client secret expiration/validity). I'm not sure what happens with clients that have a valid certificate but try to log on after the secret expired, but I can imagine that they won't get access as the account cannot be validated anymore to Entra ID (Authorization!). As soon as you renew the client secret, I'd expect existing clients to connect for sure.

    Client secret is between Central and Entra ID communication. Make sure it is renewed in time and continuously valid.

    Onboarded clients have a certificate that is used during network authentication, and is only relevant between the client and Central Cloud Authentication and Policy.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------
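
The rotation advice in the last reply (keep the Entra ID client secret continuously valid, renewing while roughly 6 months remain) can be turned into a scheduled check. The following is an added example, not code from any poster or from HPE Aruba Networking: it evaluates the `passwordCredentials` list that Microsoft Graph returns for an app registration. The credential names, ids, dates and the 180-day threshold are constructed, and it assumes the secret entered in Central is the one with the latest expiry, since Graph cannot show which value Central holds.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of the passwordCredentials array on a
# Microsoft Graph application object. Names, ids and dates are made up.
SAMPLE_CREDENTIALS = json.loads("""
[
  {"displayName": "central-cloud-auth-2023",
   "keyId": "00000000-0000-0000-0000-000000000001",
   "startDateTime": "2023-06-30T00:00:00Z",
   "endDateTime": "2024-06-30T23:59:59.1234567Z"},
  {"displayName": "central-cloud-auth-2024",
   "keyId": "00000000-0000-0000-0000-000000000002",
   "startDateTime": "2024-06-26T00:00:00Z",
   "endDateTime": "2025-06-26T00:00:00Z"}
]
""")

def parse_graph_time(value):
    """Parse a UTC timestamp to whole seconds, ignoring fractional digits."""
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def secret_status(credentials, now, min_remaining=timedelta(days=180)):
    """Return (state, display_name, days_left) for the longest-lived valid secret.

    EXPIRED: no secret is valid at `now`, so the Central-to-Entra ID link fails.
    ROTATE:  the best secret has less than `min_remaining` left.
    OK:      at least `min_remaining` of validity remains.
    """
    valid = [c for c in credentials
             if parse_graph_time(c["startDateTime"]) <= now < parse_graph_time(c["endDateTime"])]
    if not valid:
        return ("EXPIRED", None, 0)
    best = max(valid, key=lambda c: parse_graph_time(c["endDateTime"]))
    remaining = parse_graph_time(best["endDateTime"]) - now
    state = "OK" if remaining >= min_remaining else "ROTATE"
    return (state, best["displayName"], remaining.days)

if __name__ == "__main__":
    now = datetime(2024, 6, 26, 12, 0, tzinfo=timezone.utc)  # constructed "today"
    print("before rotation:", secret_status(SAMPLE_CREDENTIALS[:1], now))
    print("after rotation: ", secret_status(SAMPLE_CREDENTIALS, now))
```

The check covers only the Central-to-Entra ID secret; the 1-year client certificates issued during onboarding expire on their own schedule and need separate monitoring.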