Hi
I have personally not tried the scenario you are trying to implement.
Do you have the MAC addresses in Entra ID? If so, is the MAC address format the same as the format of the string returned by %{Endpoint:Username}?
userPrincipalName is normally in the format like firstname.lastname@domain.com, and I'm thinking in your case maybe macaddress@domain.com. If so you may need to add the domain suffix to the query like the one below. I have also added the comparison eq to the query.
/users/?$select=mail,userPrincipalName,id,department,accountEnabled&$filter=userPrincipalName eq %{Endpoint:Username}@domain.com
Try both just adding the eq to the query and also adding a UPN suffix.
------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------
Original Message:
Sent: Oct 02, 2024 09:50 AM
From: cauliflower
Subject: Using Entra as authorization source for Guest wifi login
Hello,
I have been trying to add Entra as an authorization source for our guest wifi login. We already use Entra for our Admin login to CPPM and it seems to automatically save the Entra groups in an Endpoint attribute 'social_groups', that works fine.
But we would like to check on the accountEnabled attribute of an Entra account (during MAC auths).
I added our Entra details as a new authentication source, double-checking these with our Entra team. And we have two filters, one to get groups and one to get accountEnabled, these look like this:
Filters:
1. /users/{id}/memberOf?$select=displayName
2. /users/?$select=mail,userPrincipalName,id,department,accountEnabled&$filter=userPrincipalName%{Endpoint:Username}
And I have referenced the second of these in our role mapping (the accountEnabled alias successfully appears as an option when I create the mapping rule).
But when I look at MAC auths nothing at all is showing for Entra in the Input -> Authorization Attributes section of requests hitting the service.
We are running version 6.12.2.
Entra has been added as an authorization source on the service.
Am I missing something?
Thank you,
Guy
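
Added example, not part of the original posts and not ClearPass code: a Python sketch of the two checks suggested in the reply at the top of the thread, rendering the MAC in the same format the directory stores and building the Graph filter with the eq operator, a single-quoted literal and a UPN suffix. The helper names and the sample response are constructed for illustration; how ClearPass itself expands %{Endpoint:Username} is not modelled here.

```python
import re
from urllib.parse import quote

# Attribute list taken from the filter quoted in the thread.
SELECT = "mail,userPrincipalName,id,department,accountEnabled"

def normalize_mac(raw, sep=""):
    """Lower-case a MAC and re-render it with the given separator."""
    digits = re.sub(r"[:.\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return sep.join(digits[i:i + 2] for i in range(0, 12, 2))

def build_filter(username, upn_suffix=None):
    """OData filter: 'eq' operator plus a single-quoted string literal."""
    upn = f"{username}@{upn_suffix}" if upn_suffix else username
    # OData escapes a single quote inside a literal by doubling it.
    return "userPrincipalName eq '" + upn.replace("'", "''") + "'"

def build_query(username, upn_suffix=None):
    """Relative Graph URL with the filter percent-encoded."""
    flt = quote(build_filter(username, upn_suffix), safe="")
    return f"/users/?$select={SELECT}&$filter={flt}"

def account_enabled(response, upn):
    """accountEnabled for an exact UPN match, or None when nothing matches."""
    for user in response.get("value", []):
        if user.get("userPrincipalName", "").lower() == upn.lower():
            return user.get("accountEnabled")
    return None

# Constructed sample: the directory stores the MAC without separators.
SAMPLE_RESPONSE = {"value": [
    {"userPrincipalName": "aabbccddeeff@domain.com", "accountEnabled": True},
]}

if __name__ == "__main__":
    # Same device, three renderings: only the one matching the directory hits.
    for sep in ("", ":", "-"):
        name = normalize_mac("AA-BB-CC-DD-EE-FF", sep)
        print(build_query(name, "domain.com"))
        print("  accountEnabled:",
              account_enabled(SAMPLE_RESPONSE, f"{name}@domain.com"))
```

A rendering that differs from the stored userPrincipalName returns no match at all, which looks the same as the empty Authorization Attributes described in the original message.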