You need to create a new EAP-TLS method with authorization disabled.
Original Message:
Sent: Jan 13, 2021 11:43 AM
From: Ed Carlos Alves de Deus
Subject: Okta and 802.1X authentication
For the Onboard pre-auth service, the auth source is not required, but for EAP-TLS authentication using Aruba 802.1X Wireless service, it requires me to specify at least one auth source.
I tried to add some for testing and got this message on the access: EAP-TLS: Authentication failure, unknown user.
I confirmed in the ClearPass Onboard user/certs and they are there for this user, but auth failed.
Because of this message, I did double-check what would be the correct auth source.
Original Message:
Sent: Jan 13, 2021 11:06 AM
From: Tim C
Subject: Okta and 802.1X authentication
You don't use an Authentication Source.
------------------------------
Tim C
Original Message:
Sent: Jan 12, 2021 05:04 PM
From: Ed Carlos Alves de Deus
Subject: Okta and 802.1X authentication
Hi Experts,
Using Okta for cloud identity provider as shown in this guide ClearPass_Configuration-Guide_Onboard-Cloud-Identity-Providers_v2018-01.pdf it is possible to perform the onboard process of the device using Okta credentials. A certificate will be issued and a network profile will be configured in the device.
As the next step, the device will connect to an SSID with 802.1X EAP-TLS.
To complete this task, a new service on the ClearPass needs to be created to authenticate with the EAP-TLS method.
My question is about which authentication source I should use on this service to successfully authenticate the device: Onboard Device Repository, Local Endpoint Repository, etc. Any idea?
Thank you,