  • 1.  Via VPN with Azure MFA

    Posted Jun 28, 2023 10:25 AM

    Hi there,

    I have a VIA VPN solution with some AOS10 controllers using ClearPass for authentication. I am looking to implement Azure MFA and have been advised the recommended solution is for ClearPass to send requests to an NPS server with the Azure MFA extension installed. This works for the initial profile download but then is failing with IKEv2 IPsec connections. Does anyone know if IKEv1 is required for this solution? It looks likely it is, because the NPS extension requires PAP for the OTP auth method and RADIUS will not use PAP when IKEv2 is used for the client VPN connection to the controller.

    It also looks like there is a new Azure option available in ClearPass as an authentication source. Does anyone know if it's possible to use this for Azure MFA for VIA VPN connections?


    Thanks for any help.



  • 2.  RE: Via VPN with Azure MFA

    Posted Jul 04, 2023 04:04 AM

    Here is the documentation for this integration.

    The ClearPass 6.11 Azure AD authorization is authorization only, so won't do MFA (or authentication at all). It's typically used together with EAP-TLS or TEAP 802.1X and Intune provisioned certificates.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Via VPN with Azure MFA

    Posted Jul 05, 2023 03:22 AM

    Thanks for confirming Herman, very much appreciated.
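
The first post turns on whether the RADIUS request that reaches NPS carries PAP or something else. The following is an added example, not code from the thread, Aruba or Microsoft: it parses a RADIUS Access-Request (RFC 2865 layout) and names the credential attribute it carries. The function names are hypothetical and the sample packets are constructed, not captured from the poster's environment.

```python
import struct

MS_VENDOR_ID = 311  # Microsoft vendor ID used in Vendor-Specific attributes (RFC 2548)
SIMPLE = {2: "PAP", 3: "CHAP", 79: "EAP"}  # User-Password, CHAP-Password, EAP-Message
MS_VSA = {1: "MS-CHAP", 25: "MS-CHAPv2"}   # MS-CHAP-Response, MS-CHAP2-Response

def parse_attributes(packet: bytes):
    """Return [(type, value), ...] from a RADIUS Access-Request (RFC 2865)."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1:
        raise ValueError("not an Access-Request")
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match packet")
    attrs, pos = [], 20
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute length")
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return attrs

def auth_method(packet: bytes) -> str:
    """Name the credential type the request carries, e.g. 'PAP' or 'EAP'."""
    found = set()
    for atype, value in parse_attributes(packet):
        if atype in SIMPLE:
            found.add(SIMPLE[atype])
        elif atype == 26 and len(value) >= 5:  # Vendor-Specific
            vendor, vtype = struct.unpack("!IB", value[:5])
            if vendor == MS_VENDOR_ID and vtype in MS_VSA:
                found.add(MS_VSA[vtype])
    return "+".join(sorted(found)) or "none"

def build_request(attrs):
    """Build a constructed test packet: zeroed authenticator, attributes as given."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 1, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples (placeholder user name, zeroed secrets).
PAP_REQ = build_request([(1, b"alice"), (2, bytes(16))])
EAP_REQ = build_request([(1, b"alice"), (79, b"\x02\x01\x00\x0a\x01alice"), (80, bytes(16))])
MSCHAP2_REQ = build_request([(26, struct.pack("!IBB", MS_VENDOR_ID, 25, 52) + bytes(50))])

if __name__ == "__main__":
    for name, pkt in [("PAP", PAP_REQ), ("EAP", EAP_REQ), ("MS-CHAPv2", MSCHAP2_REQ)]:
        print(name, "->", auth_method(pkt))
```

Feeding it the UDP payload of a request captured on the NPS side shows which method arrives there for the profile download versus the IKEv2 tunnel.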