Hi Frederik
One of the big changes in 6.12 compared to 6.11 is the enhanced functions related to Entra ID.
"This release further enhances ClearPass support for Microsoft Entra ID (previously Azure Active Directory, or AAD) as an authorization source. The Microsoft Entra ID authorization capabilities are now extended to allow customers to use more than just user groups for authorization. This feature also supports certificate-based setups, so customers can choose to use either cleartext secrets or certificates to connect Microsoft Entra ID with ClearPass. As part of this feature, when Microsoft Entra ID is configured as an authorization source: (CP‑47920, CP‑48279, CP‑50884)
- Administrators can choose to use certificates instead of API tokens.
- Filtering can be done by group, assigned role, user, user type, MFA status, location, and more.
- The Event Viewer includes alerts for expiring client secrets.
- Additional default authorization attributes are available. The following attributes are not shown in the filter and must be manually entered in the filter query:
  - users.accountEnabled
  - users.userPrincipalName
  - group.displayName
For more details, see the Microsoft Entra ID topic in the ClearPass Policy Manager 6.12 User Guide."
------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------
Original Message:
Sent: Oct 08, 2024 07:22 AM
From: FreddyG
Subject: Clearpass 6.11. Entra ID
Hi all,
Recently I had some PoCs with Entra ID in different scenarios. The EAP-TLS authentication based on a user cert did work quite well, but I came across the TLS authentication / authorization of a computer cert.
I found the following HPE Aruba article which describes how this can be achieved. At the end it states that it should work in 6.11 and 6.12. Unfortunately I wasn't able to get this running with the latest 6.11 code. The Entra ID passage in the 6.12 user guide is also different from the one in 6.11.
Does anyone know if this is a 6.12 feature, or have a hint on how to get this running in 6.11?
Thanks in advance
------------------------------
Frederik
------------------------------