Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass Onboard with Azure AD SAML

  • 1.  Clearpass Onboard with Azure AD SAML

    Posted 4 days ago

    Hi, 

    I'm trying to build a Clearpass onboard solution for a POC and using Azure AAD as the inner authentication method with SAML integration. For onboard client certs I'm going to use the clearpass on-boarding CA as well. There is a requirement that dynamic VLANs be returned to the controller based on the user's functional level in the organization, like accounts - VLAN 10, corporate - VLAN 20, management - VLAN 30, to place the users' BYOD devices on the corresponding VLANs.

    Is this possible to achieve with on-boarding on a single SSID? How can I call the users' group membership from AAD through SAML and use that information to return the VLAN dynamically after on-boarding completes?

    Thanks..

    Regards

    Thilina



  • 2.  RE: Clearpass Onboard with Azure AD SAML

    Posted yesterday

    What is the use-case for OnBoard?  Could you use an MDM instead?  What is the use-case for allowing unmanaged/unknown endpoints onto the protected network?




  • 3.  RE: Clearpass Onboard with Azure AD SAML

    EMPLOYEE
    Posted 3 minutes ago

    SAML is only active during the Onboarding. For post-onboarding authorization, you may use the Entra ID Authorization Source (ClearPass 6.12) to check group membership (and deleted accounts!) for dynamic VLAN assignment.



    ------------------------------
    Herman Robers
    ------------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------
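The decision the thread describes (after onboarding, look the certificate's user up in the directory, reject deleted or disabled accounts, and return a VLAN based on group membership) can be modelled outside ClearPass to reason about the edge cases. The following Python is an added example, not code from the thread, from ClearPass or from the Entra ID authorization source; in a real deployment the same logic lives in a ClearPass enforcement policy configured in the UI. The directory snapshot, the user names and the group precedence (management over corporate over accounts when a user is in several groups) are constructed assumptions. The RADIUS attribute values are the standard ones from RFC 3580 (Tunnel-Type 13 = VLAN, Tunnel-Medium-Type 6 = IEEE-802, Tunnel-Private-Group-ID = VLAN id as a string).

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Group-to-VLAN mapping taken from the original question. The list order is the
# precedence (assumption, not from the thread): a user in several groups gets the
# first match, so "management" wins over "corporate" wins over "accounts".
GROUP_VLANS: Tuple[Tuple[str, int], ...] = (
    ("management", 30),
    ("corporate", 20),
    ("accounts", 10),
)


@dataclass(frozen=True)
class DirectoryUser:
    """What a directory lookup returns for one account (constructed model)."""
    upn: str
    enabled: bool
    groups: Tuple[str, ...]


# Constructed sample directory, standing in for an Entra ID authorization-source
# lookup. Note that a deleted account is simply absent from the directory.
SAMPLE_DIRECTORY: Dict[str, DirectoryUser] = {
    "alice@example.com": DirectoryUser("alice@example.com", True, ("corporate", "management")),
    "bob@example.com": DirectoryUser("bob@example.com", True, ("accounts",)),
    "carol@example.com": DirectoryUser("carol@example.com", False, ("corporate",)),
    "dave@example.com": DirectoryUser("dave@example.com", True, ("guests",)),
}


def radius_vlan_attributes(vlan: int) -> Dict[str, object]:
    """RFC 3580 attributes a NAS expects in an Access-Accept for VLAN assignment."""
    return {
        "Tunnel-Type": 13,              # VLAN
        "Tunnel-Medium-Type": 6,        # IEEE-802
        "Tunnel-Private-Group-ID": str(vlan),
    }


def authorize(upn: str, directory: Optional[Dict[str, DirectoryUser]] = None) -> Dict[str, object]:
    """Post-onboarding authorization for the identity found in the client certificate.

    The certificate alone proves the device was onboarded at some point; the
    directory lookup is what catches accounts that were deleted or disabled since.
    """
    if directory is None:
        directory = SAMPLE_DIRECTORY

    user = directory.get(upn)
    if user is None:
        # Certificate still valid but the account no longer exists: do not let it on.
        return {"result": "reject", "reason": "account not found in directory"}
    if not user.enabled:
        return {"result": "reject", "reason": "account disabled"}

    for group, vlan in GROUP_VLANS:
        if group in user.groups:
            return {"result": "accept", "vlan": vlan, "attributes": radius_vlan_attributes(vlan)}

    # Onboarded, enabled, but in no group that maps to a VLAN: fail closed rather
    # than falling through to a default VLAN.
    return {"result": "reject", "reason": "no mapped group membership"}


if __name__ == "__main__":
    for upn in ("alice@example.com", "bob@example.com", "carol@example.com",
                "dave@example.com", "erin@example.com"):
        print(upn, "->", authorize(upn))
```

The last two branches are the ones worth keeping in mind when building the ClearPass enforcement policy: an unmatched group and a missing account should both end in a reject, so that a still-valid onboarding certificate never lands a device on a network it was never entitled to.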