Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

802.1x auth against Azure AD?

  • 1.  802.1x auth against Azure AD?

    Posted Apr 02, 2019 11:27 PM

    We have an in-house AD that our employees use to connect to wifi using LDAP against our on-premise AD servers.  We have another company that's part of our organization.  They don't have AD, only Azure AD.

    1) Is it possible to create an ESSID for just them that would auth against Azure AD?

    2) Or I could create an Azure LDAP server, but can you have multiple LDAP servers used for different SSIDs?



  • 2.  RE: 802.1x auth against Azure AD?

    MVP
    Posted Apr 03, 2019 10:08 AM

    Assuming we're talking about using ClearPass as a RADIUS server, you can list multiple Authentication Sources in a single service; if the account cannot be found in the on-prem AD source, it'll fail through to the next one. This way you can use a single SSID with multiple auth sources.

     

    The real question is integrating Azure AD with ClearPass at that point, and I'm assuming that should work fine as long as the ports are open to communicate. I would make sure you do LDAP over SSL since the connection will be outbound through the internet. I also don't know what type of lookup times you may see since it's not local, but I think technically it should be possible. I haven't done it myself, but I imagine it should be very similar to setting up the on-prem LDAP, just public IP instead of private. 



  • 3.  RE: 802.1x auth against Azure AD?

    EMPLOYEE
    Posted Apr 03, 2019 11:07 AM


  • 4.  RE: 802.1x auth against Azure AD?

    Posted Sep 29, 2019 07:58 AM

    Is this onboarding use only with certificates? How can I use Azure AD as an authentication source for students? Only check that the account exists in Azure AD?

    I can use Azure AD with LDAPS when I log in to Policy Manager and when I use TACACS authentication. Why can't I use LDAPS authentication with wireless authentication? With on-premise this was so easy, but now everybody wants to use Azure AD and from the cloud without on-premise AD. :)

     



  • 5.  RE: 802.1x auth against Azure AD?

    EMPLOYEE
    Posted Sep 30, 2019 04:55 PM

    Legacy authentication methods are not possible with cloud identity providers. EAP-TLS is your only option.



  • 6.  RE: 802.1x auth against Azure AD?

    Posted Oct 03, 2019 02:01 PM

    This Azure AD doesn't make it easy when you want to authenticate wireless LAN. You have to use ClearPass and buy Onboard licenses. LDAPS would have been a good option but it doesn't work with wireless networks. This is not an easy way at this moment. But we are all going to cloud-based systems and I hope that this is easier in the future.



  • 7.  RE: 802.1x auth against Azure AD?

    Posted Oct 03, 2019 06:34 PM

    Azure AD is not LDAP so your options are limited.



  • 8.  RE: 802.1x auth against Azure AD?

    Posted Sep 30, 2019 01:17 PM

    Hi!

    This wireless Azure AD profile is missing a guide? Page 23. Is it possible to get this? And after onboarding do I need another service that allows access to the wireless network?