Occasional Contributor I

802.1x auth against Azure AD?

We have an in-house AD that our employees use to connect to wifi using LDAP against our on-premise AD servers. We have another company that's part of our organization. They don't have AD, only Azure AD.

1) Is it possible to create an ESSID for just them that would auth against Azure AD?

2) Or I could create an Azure LDAP server, but can you have multiple LDAP servers used for different SSIDs?


Re: 802.1x auth against Azure AD?

Assuming we're talking about using ClearPass as a RADIUS server, you can list multiple Authentication Sources in a single service; if the account cannot be found in the on-prem AD source, it'll fail through to the next one. This way you can use a single SSID with multiple auth sources.

 

The real question is integrating Azure AD with ClearPass at that point, and I'm assuming that should work fine as long as the ports are open to communicate. I would make sure you do LDAP over SSL since the connection will be outbound through the internet. I also don't know what type of lookup times you may see since it's not local, but I think technically it should be possible. I haven't done it myself, but I imagine it should be very similar to setting up the on-prem LDAP, just public IP instead of private. 



Michael Haring
If my answer is helpful, a Kudos is always appreciated!
Moderator

Re: 802.1x auth against Azure AD?

You need to use EAP-TLS for Azure AD. Take a look at this: https://community.arubanetworks.com/t5/Security/ClearPass-Configuration-Guide-Onboard-Cloud-Identity-Providers/td-p/301657


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Occasional Contributor I

Re: 802.1x auth against Azure AD?

Is this onboarding use only with certificates? How can I use Azure AD as an authentication source for students? Only check that the account exists in Azure AD?

I can use Azure AD with LDAPS when logging in to Policy Manager and when I use TACACS authentication. Why can't I use LDAPS authentication with wireless authentication? With on-premise this was so easy, but now everybody wants to use Azure AD from the cloud without on-premise AD. :)

 

Occasional Contributor I

Re: 802.1x auth against Azure AD?

Hi!

This wireless Azure AD profile is missing a guide? Page 23. Is it possible to get this? And after onboarding, do I need another service that allows access to the wireless network?

Moderator

Re: 802.1x auth against Azure AD?

Legacy authentication methods are not possible with cloud identity providers. EAP-TLS is your only option.




| Aruba Alumni | @timcappalli | timcappalli.me |

Occasional Contributor I

Re: 802.1x auth against Azure AD?

This Azure AD doesn't make it easy when you want to authenticate wireless LAN. You have to use ClearPass and buy Onboard licenses. LDAPS would have been a good option, but it doesn't work with wireless networks. This is not an easy way at this moment. But we are all going to cloud-based systems, and I hope that this is easier in the future.

Frequent Contributor I

Re: 802.1x auth against Azure AD?

Azure AD is not LDAP so your options are limited.
