Wireless Access


Client Tags - wireless access

  • 1.  Client Tags - wireless access

    Posted Mar 04, 2025 06:58 AM

    Hi all!
    Trying to restrict only managed devices (laptops) to access the wireless network.

    Currently I have successfully configured Okta integration, users can connect via Aruba Networking Onboarding, they manage to connect to the SSID and everything works.
    BUT that means that they connect with any device they want: mobile, personal laptop, work laptop etc.

    I understand there is a way to configure the devices that log in with user tags via client profile, and with the conditions there, to configure it to restrict access only to devices under the domain.

    The documentation is very little (Aruba guide), and there are no examples or explanation on how to configure the conditions.

    Any guide/help?

    Thanks a lot!



  • 2.  RE: Client Tags - wireless access

    Posted Mar 04, 2025 07:37 AM

    With Client Tags you can do some AuthZ based on behavior and device information. Currently, Client Insight (CI) doesn't support integration with external authorization sources. 

    One of the conditions in the Tags is the Host Name. If the hostname contains a domain name this can maybe be used. There is currently no built-in option to restrict non-corp devices to join the network.

    One other option you can look into is the restriction of the device enrollment via the Onboard workflow.  During onboarding the user needs to login via an IdP. Maybe the Onboard application login can be restricted to corp only devices in Entra (or other IdP)?



    ------------------------------
    Willem Bargeman
    Systems Engineer Aruba
    ACEX #125
    ------------------------------



  • 3.  RE: Client Tags - wireless access

    Posted May 14, 2025 03:29 AM

    Hi Willem,

    Saying that the host name could be used to filter along the domain name, is there a way to use a "contains" condition for the hostname value?
    There is no documentation (or I did not find it yet) about how to use the value field to filter for beginning phrases, like with wildcards or regex.
    Use case: There are very bad generic IoT devices out there, like payment handhelds, using cheap wifi cards and the MAC OUI of the chipset.
    They often use chipsets from manufacturers which are seen across multiple device types (e.g. scanners, printers, POS systems), but they can often be divided by their hostnames.
    E.g.: All POS systems got names like VFI-12345.
    If we could use the hostname field to filter along "contains VFI" we could divide these devices easily...



    ------------------------------
    Best regards, mom
    ------------------------------



  • 4.  RE: Client Tags - wireless access

    Posted 25 days ago

    Hi Mom,

    I've shared your feedback internally. Engineering will look into the possibilities to filter based on hostname.



    ------------------------------
    Willem Bargeman
    Systems Engineer Aruba
    ACEX #125
    ------------------------------



  • 5.  RE: Client Tags - wireless access

    Posted Mar 07, 2025 03:57 AM

    We're facing this exact same situation, except for iOS devices managed by Intune. The documentation on client tags and conditions is virtually non-existent. If I could find a way to tag a client device based on its Intune enrollment status, we'd be golden.




  • 6.  RE: Client Tags - wireless access

    Posted Mar 07, 2025 03:59 AM

    I've seen a demo on New Central where an integration with Intune does exactly that; so that may become available in the future. You could check with your local HPE Aruba team if I've seen/understood this correctly.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 7.  RE: Client Tags - wireless access

    Posted May 14, 2025 08:48 AM

    Currently this is available with Central - Clearpass integration.

    Best, Gorazd 



    ------------------------------
    Gorazd Kikelj
    MVP Guru 2025
    ------------------------------



  • 8.  RE: Client Tags - wireless access

    Posted May 15, 2025 02:47 AM

    Hi,
    yea ... it is like it is.
    I'm looking forward to getting contains, begins with and so on, on Central's side also...
    Some customers find it easier to use insight tags at role mapping, to only build custom fingerprint rules on Central side.
    At the moment, "fingerprint management" is some kind of split in two products...




    ------------------------------
    Best regards, mom
    ------------------------------



  • 9.  RE: Client Tags - wireless access

    Posted May 15, 2025 03:28 AM

    Agree. 

    It's a little bit scattered right now. Tags are a really nice feature. Some additional tweaking on it and it will be really useful.

    Best, Gorazd



    ------------------------------
    Gorazd Kikelj
    MVP Guru 2025
    ------------------------------



  • 10.  RE: Client Tags - wireless access

    Posted May 16, 2025 07:24 AM

    Do you have Clearpass?  For machines that can join a domain, you can set up a service that checks for Machine Authentication.  If it does not, you would need either cert based authentication or InTune or Jamf.



    ------------------------------
    Jeff Johnston
    ------------------------------