We are currently using ClearPass Guest Self-Registration with Social Logins (Microsoft Azure AD), which is working fine; however, we are running into the following issue when it comes to MFA (Azure AD MFA during the Social Login process) using iOS devices (iPhones and iPads).
Issue 1: Disable CNA Option
- User connects to WiFi
- Apple's Captive Network Assistant brings up the Captive Portal (ClearPass)
- User selects Microsoft Azure AD social login
- User enters credentials
- User prompted for MFA Challenge (This is from AzureAD)
- User switches to SMS App or Authenticator app to retrieve code - This action closes the Apple Captive Network Assistant and user cannot proceed as Apple CNA starts again and repeats the above loop without success
Issue 2: Enable CNA Option
- User Connects to WiFi
- iPad/iPhone does not auto launch browser to captive portal
- User tries to open Safari App, not redirected to captive portal
- User can however type the URL to the ClearPass Guest Captive Portal and proceed successfully and authenticate using Microsoft Azure AD social login + MFA
Note: If the user has the Google Chrome app installed on the iPad/iPhone, they are redirected to our ClearPass Captive Portal automatically (not sure if this is a Safari issue or an Apple device limitation).
Has anyone had any success in moving past this? I assume the same issues above would happen using, say, the social login for Facebook or Gmail if the user had MFA enabled on their respective accounts?
Any assistance or advice would be greatly appreciated.