Become a Member
Dear Experts,
When we configure active directory as authentication source, we get the options to select its field as role and/or attributes. What is meant by roles or attributes in this context?
This may be of help.
https://www.arubanetworks.com/techdocs/ClearPass/Aruba_DeployGd_HTML/Content/Active%20Directory/AD_auth_source_adding.htm#Source
--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.--Problem Solved? Click "Accepted Solution" in a post.
Let me give you an example:John belongs to department “Finance”, so when his laptop joins domain it belongs to the Finance group. Hopefully you AD team has done this correctly.In CPPM, If the Authentication Sources > Attributes > Groups enable as Role you find a role shows up automatically as “Finance” and probably another role [Machine Authenticated] in Access Tracker Summary when John laptop authenticated. You can base on this and build your Enforcement profile.If the Authentication Sources > Attributes > Groups enable as Attribute you find Authorization:<domain>: Groups “Finance” in Access Tracker > Input > Authorization Attributes. And of course you can build your Enforcement profile base on this.Hope that helps.