Security

Hello,

I have a request from a customer who would like to integrate ClearPass with Okta for their TACACS/RADIUS device admin services. Specifically, IT admins would like to get prompted by Okta to authenticate at the time of network device admin logins. Is this possible? I assume that this will need to be configured via SSO but I've been unable to determine the steps needed to configure.

Thanks in advance,

-Ryan

It looks like this can be supported via adding Okta as a token server and pointing it to an Okta RADIUS server agent. Has anyone else attempted this before or can anyone offer additional guidance on how this integration would work?

Thanks in advance!

I got this working on a Cisco switch in my lab w/ Duo. I suspect the final configuration will be very similar w/ Okta. I'll report back with a more comprehensive write up once I'm able to test with my customer.

The below article was incredibly helpful for me.

In order to integrate with AD, I just substituted the Authentication Sources.

https://community.arubanetworks.com/t5/Security/From-zero-to-demo-Clearpass-DUO-and-2FA/td-p/471200

Hello REgan,

I am looking to do the same with a customer of mine. I still don't have the solution yet. working on it. if it happens that you have a solution. I do appreciate it if you share it with us.

Thanks,

Ali