I think this video covers the service creation. Although dated and the extension has changed some since then, the general idea should still be there.
First and foremost item: "Authorization Required" needs to be disabled in the auth method.
Original Message:
Sent: Nov 15, 2024 06:19 PM
From: youngc
Subject: Intune Clearpass Extension and MAC address randomization
Are you able to point me in the right direction on how I can change that? I am not too familiar with the ins and outs of ClearPass.
This is my current authentication method:
Original Message:
Sent: Nov 15, 2024 06:06 PM
From: chulcher
Subject: Intune Clearpass Extension and MAC address randomization
You're still trying to authenticate based on the username from the certificate, which isn't how this process works. The certificate gets validated (validity period, trust chain) and then you authorize the session based on the relevant attributes.
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Nov 15, 2024 05:55 PM
From: youngc
Subject: Intune Clearpass Extension and MAC address randomization
I made some changes; below is my new PKCS config.
I also updated the HTTP source:
This is the access tracker log:
Original Message:
Sent: Nov 15, 2024 12:47 PM
From: chulcher
Subject: Intune Clearpass Extension and MAC address randomization
You'll want to look at something more current.
https://www.arubanetworks.com/techdocs/NAC/clearpass/integrations/unified-endpoint-management/intune/
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Nov 15, 2024 12:45 PM
From: youngc
Subject: Intune Clearpass Extension and MAC address randomization
I used the integration guide from Aruba.
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00112290en_us
Original Message:
Sent: Nov 15, 2024 09:46 AM
From: chulcher
Subject: Intune Clearpass Extension and MAC address randomization
What instructions were you following to set up the integration?
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Nov 14, 2024 05:54 PM
From: youngc
Subject: Intune Clearpass Extension and MAC address randomization
Hi,
I'm having issues with devices that have MAC address randomization turned on. According to the logs, the username presented can't be found; the username is the Microsoft Entra Device ID. If I turn off randomization, the devices can connect just fine. When I do a lookup in Configuration -> Identity -> Endpoints and filter on the attribute Intune Azure AD Device Id, the devices do exist. This is how the service Authentication and Authorization tabs are set up:
And here is how the Intune HTTP authentication source is set up:
Not sure if I missed something in the Intune extension guide. The certificate is set up to have the subject name as the Microsoft Entra Device ID and I also added the Intune Device ID as a URI attribute.