Security

Is there an extension similar to Intune or Jamf Pro that imports all the devices in Google Workspace into clearpass so we can authorize those devices?

I see Google Sldap connector, but Im not looking to authenticate against google, just have something import all the macs of our chromebooks into clearpass so i can create a tips role or whatever and authorize them. 

thanks!

Is there an extension similar to Intune or Jamf Pro that imports all the devices in Google Workspace into clearpass so we can authorize those devices?

I see Google Sldap connector, but Im not looking to authenticate against google, just have something import all the macs of our chromebooks into clearpass so i can create a tips role or whatever and authorize them. 

thanks!

Is there an extension similar to Intune or Jamf Pro that imports all the devices in Google Workspace into clearpass so we can authorize those devices?

I see Google Sldap connector, but Im not looking to authenticate against google, just have something import all the macs of our chromebooks into clearpass so i can create a tips role or whatever and authorize them. 

thanks!

Onboarding is the better way which is the way I'm trying to push in my organization.  Google can apparently connect to an active directory certificate server so that's what I'm planning to do (but it's a pile of a lot of other stuff to do as well) - https://support.google.com/chrome/a/answer/11053129?hl=en

Old instructions for the Endpoint Context Server is below but I wouldn't say it's the best, google often throws some weird stuff but in "general" it's better than loading them into the guest device database - which was the original way we had to do it.

https://www.arubanetworks.com/techdocs/ClearPass/6.9/PolicyManager/Content/CPPM_UserGuide/Admin/EndpointContextServersAdd_GoogleAdminConsole.htm#top

https://www.arubanetworks.com/techdocs/ClearPass/6.9/PolicyManager/Content/CPPM_UserGuide/Admin/EndpointContextServersAdd_GoogleAdminConsole.htm#top

Is there an extension similar to Intune or Jamf Pro that imports all the devices in Google Workspace into clearpass so we can authorize those devices?

I see Google Sldap connector, but Im not looking to authenticate against google, just have something import all the macs of our chromebooks into clearpass so i can create a tips role or whatever and authorize them. 

thanks!

Herman, as always, you're super helpful. I'll see if I can look into onboarding and then assing them a role. 

AlanW, that's the guide I was following - thanks for posting that. The hiccup with those is when I go to authorize clearpass, I'm greated with an error "You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy for keeping apps secure.

You can let the app developer know that this app doesn't comply with one or more Google validation rules.". 

I know Google has or will soon phase out less secure apps so I don't see this as being a long term solution even if I get through this. I just opened a case about it with Aruba specifically, but I'll look into the onboarding. 

We dont have any onboarding license in Clearpass so we'd have to do something outside of clearpass I believe, but this gives me something to think about. 

Thank you!

Onboarding is the better way which is the way I'm trying to push in my organization.  Google can apparently connect to an active directory certificate server so that's what I'm planning to do (but it's a pile of a lot of other stuff to do as well) - https://support.google.com/chrome/a/answer/11053129?hl=en

Old instructions for the Endpoint Context Server is below but I wouldn't say it's the best, google often throws some weird stuff but in "general" it's better than loading them into the guest device database - which was the original way we had to do it.

https://www.arubanetworks.com/techdocs/ClearPass/6.9/PolicyManager/Content/CPPM_UserGuide/Admin/EndpointContextServersAdd_GoogleAdminConsole.htm#top

https://www.arubanetworks.com/techdocs/ClearPass/6.9/PolicyManager/Content/CPPM_UserGuide/Admin/EndpointContextServersAdd_GoogleAdminConsole.htm#top

Is there an extension similar to Intune or Jamf Pro that imports all the devices in Google Workspace into clearpass so we can authorize those devices?

I see Google Sldap connector, but Im not looking to authenticate against google, just have something import all the macs of our chromebooks into clearpass so i can create a tips role or whatever and authorize them. 

thanks!

TAC was able to help me get my log in box to show up and everything is working now. 

Even though I supplied Google with my proper FQDN of my clearpass server, I didn't specify what our FQDN was under Administration -> Server Manager-> Server Configuration -> FQDN. I only had entered in my server setup the HOSTNAME of the device. Once we added the FQDN (from step 4 of the Google Workspace side of that above doc) we were able to get a log in box, authenticate clearpass successfully and it's pulling in mac addresses now. 

Thank you so much!!

Herman, as always, you're super helpful. I'll see if I can look into onboarding and then assing them a role. 

AlanW, that's the guide I was following - thanks for posting that. The hiccup with those is when I go to authorize clearpass, I'm greated with an error "You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy for keeping apps secure.

You can let the app developer know that this app doesn't comply with one or more Google validation rules.". 

I know Google has or will soon phase out less secure apps so I don't see this as being a long term solution even if I get through this. I just opened a case about it with Aruba specifically, but I'll look into the onboarding. 

We dont have any onboarding license in Clearpass so we'd have to do something outside of clearpass I believe, but this gives me something to think about. 

Thank you!

Onboarding is the better way which is the way I'm trying to push in my organization.  Google can apparently connect to an active directory certificate server so that's what I'm planning to do (but it's a pile of a lot of other stuff to do as well) - https://support.google.com/chrome/a/answer/11053129?hl=en

Old instructions for the Endpoint Context Server is below but I wouldn't say it's the best, google often throws some weird stuff but in "general" it's better than loading them into the guest device database - which was the original way we had to do it.

https://www.arubanetworks.com/techdocs/ClearPass/6.9/PolicyManager/Content/CPPM_UserGuide/Admin/EndpointContextServersAdd_GoogleAdminConsole.htm#top

https://www.arubanetworks.com/techdocs/ClearPass/6.9/PolicyManager/Content/CPPM_UserGuide/Admin/EndpointContextServersAdd_GoogleAdminConsole.htm#top

Is there an extension similar to Intune or Jamf Pro that imports all the devices in Google Workspace into clearpass so we can authorize those devices?

I see Google Sldap connector, but Im not looking to authenticate against google, just have something import all the macs of our chromebooks into clearpass so i can create a tips role or whatever and authorize them. 

thanks!