Do you see the attributes that you want to set in Access Tracker during the SSO authentication? If so, you should be able to use the Entity Update enforcement to put those attributes into the endpoint (with value %{whateverisshowninaccesstracker}). If you don't see them in Access Tracker, try to get them there.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Aug 17, 2022 01:30 AM
From: Victor Peter
Subject: ClearPass Onboard CA as authentication source
@Herman Robers: Any thoughts mate?
Original Message:
Sent: Aug 12, 2022 01:36 AM
From: Victor Peter
Subject: ClearPass Onboard CA as authentication source
Thanks Herman. Worked like a charm. There is a shift in customer requirement and they are now using Okta instead of Azure. The onboarding part is still working fine with Okta as well. Is there a way I can set certain attributes for the user during onboard based on what we receive from Okta during SSO?
E.g. Okta returns attribute X value = assign attribute X to user device during onboarding and for any subsequent EAP-TLS request, assign user role X based on attribute X associated to the onboarded device attribute
We are aware Okta and Onboard repository will be disjoint after initial onboarding but customer is happy to do it this way during interim period.
Original Message:
Sent: Aug 08, 2022 10:52 AM
From: Herman Robers
Subject: ClearPass Onboard CA as authentication source
You can create an EAP-TLS Authentication Method which has the option 'Authorization' disabled. In that case you don't need an Authentication Source (or can use the local user database or endpoint database as an authentication source).
Make sure that you do proper authorization during your role-mapping and/or enforcement.
------------------------------
Herman Robers
------------------------
Original Message:
Sent: Aug 06, 2022 11:50 AM
From: Victor Peter
Subject: ClearPass Onboard CA as authentication source
Hello,
I have a client who is using ClearPass Onboard + Azure SSO to distribute client certificates (using ClearPass as CA). The question I have is: can I use ClearPass Onboard as the authentication source only for EAP-TLS in the 802.1X service, or do I have to use Azure as the authentication source?