Security

Reply
Contributor II

CPPM Policy to check successful User & Machine Authentication

Hi all,

 

I was wondering if anybody could tell me what the current best practice is to handle User & Machine Authentications against Active Directory with CPPM. More specifically, how to differentiate between the following scenarios and apply different roles for:

 

  1. Successful Machine Auth & Successful User Auth
  2. Successful Machine Auth & Failed User Auth
  3. Failed Machine Auth & Successful User Auth

I've found some good documentation with very specific configuration, but some is 3 - 5 years old so don't want to go down the rabbit hole if ClearPass now has inbuilt methods to make this easier.

 

Bonus points for any links or examples :-)

 

Thanks heaps!

 

-Brett

Highlighted

Re: CPPM Policy to check successful User & Machine Authentication

This 1 is still vald:

https://community.arubanetworks.com/t5/Security/How-to-MACHINE-AND-USER-AUTHENTICATION-IN-WINDOWS-WITH-CLEARPASS/td-p/227580

 

You can give any enforcement you would like based on a user auth, machine auth, or combination of both. 

 

Only user auth is basicly BYOD. Only machine auth is just a corp laptop without an active user session, so in that case give it a role with access to AD and maybe some important antivirus/update servers.



- - - - Aruba ACCX #748, ACDX #758, ACMP, ACEAP | HPE Master ASE - - - -
- - - - - - - Feel free to give kudos or accept as a solution! - - - - - - - - -
Highlighted
Contributor II

Re: CPPM Policy to check successful User & Machine Authentication

Thank you Fabian,

 

I've seen this but wasn't sure if it was still valid. I will give it a go within the next week or so and report back.

 

-Brett

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: