Security

 View Only
last person joined: 21 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Using Entra as authorization source for Guest wifi login

This thread has been viewed 12 times
  • 1.  Using Entra as authorization source for Guest wifi login

    Posted 5 days ago

    Hello,

    I have been trying to add Entra as an authorization source for our guest wifi login. We already use Entra for our Admin login to CPPM and it seems to automatically save the Entra groups in an Endpoint attribute 'social_groups', that works fine.

    But we would like to check on the accountEnabled attribute of an Entra account (during MAC auths).

    I added our Entra details as a new authentication source, double-checking these with our Entra team. And we have two filters, one to get groups and one to get accountEnabled, these look like this:

    Filters : 1. /users/{id}/memberOf?$select=displayName
    2. /users/?$select=mail,userPrincipalName,id,department,accountEnabled&$filter=userPrincipalName%{Endpoint:Username}

    And I have referenced the second of these in our role mapping (the accountEnabled alias successfully appears as an option when I create the mapping rule)

    But when I look at MAC auths nothing at all is showing for Entra in the Input -> Authorization Attributes section of requests hitting the service.

    We are running version 6.12.2.

    Entra has been added as an authorization source on the service

    Am I missing something?

    Thank you,

    Guy