Security

 View Only
  • 1.  Is there an extension for Clearpass for Google Chromebooks like Intune or Jamf Pro?

    Posted Nov 08, 2024 08:04 AM

    Is there an extension similar to Intune or Jamf Pro that imports all the devices in Google Workspace into clearpass so we can authorize those devices?

    I see Google Sldap connector, but Im not looking to authenticate against google, just have something import all the macs of our chromebooks into clearpass so i can create a tips role or whatever and authorize them. 

    thanks!



  • 2.  RE: Is there an extension for Clearpass for Google Chromebooks like Intune or Jamf Pro?

    Posted 30 days ago

    Hopefully someone has already done this. We have same situation. :)




  • 3.  RE: Is there an extension for Clearpass for Google Chromebooks like Intune or Jamf Pro?

    Posted 27 days ago

    The problem with importing mac addresses these days is that many devices start randomizing their mac addresses, so it may not even work.

    There may be an alternative route, where you onboard your chromebooks and then assign roles based on the certificate information. If you have an alternative way of onboarding, and can put some identifying information in the certificate (or use a specific issueing CA), you could assign roles based on that as well...



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 4.  RE: Is there an extension for Clearpass for Google Chromebooks like Intune or Jamf Pro?

    Posted 26 days ago

    Onboarding is the better way which is the way I'm trying to push in my organization.  Google can apparently connect to an active directory certificate server so that's what I'm planning to do (but it's a pile of a lot of other stuff to do as well) - https://support.google.com/chrome/a/answer/11053129?hl=en

    Old instructions for the Endpoint Context Server is below but I wouldn't say it's the best, google often throws some weird stuff but in "general" it's better than loading them into the guest device database - which was the original way we had to do it.

    https://www.arubanetworks.com/techdocs/ClearPass/6.9/PolicyManager/Content/CPPM_UserGuide/Admin/EndpointContextServersAdd_GoogleAdminConsole.htm#top

    https://www.arubanetworks.com/techdocs/ClearPass/6.9/PolicyManager/Content/CPPM_UserGuide/Admin/EndpointContextServersAdd_GoogleAdminConsole.htm#top