Moderator

ClearPass Configuration Guide: Onboard + Cloud Identity Providers

Team Aruba,

 

We’re happy to announce an update to the ClearPass Configuration Guide for Onboard + Cloud Identity Providers. Version 2018-01 adds configuration details for Google's new Secure LDAP service for real-time authorization against Google Cloud Identity / G Suite in policy.

 

This configuration guide is very focused and covers:

  • creating the required application in the cloud identity provider
  • configuring the ClearPass SAML Service Provider and OAuth 2.0 Relying Party
  • onboard provisioning settings changes required for SAML and OAuth 2.0
  • customizing the ClearPass SSO dictionary
  • building a SAML pre-authentication service for Onboard
  • using OAuth 2.0 return attributes in a role map and/or network access policy
  • Azure Active Directory, Google Cloud Identity / G Suite and Okta identity providers
  • Google Secure LDAP Connector for real-time authorization

 

Document Link: ClearPass_Configuration-Guide_Onboard-Cloud-Identity-Providers_v2018-01.pdf

 

Feedback always welcome!

 

Enjoy!

 

- Aruba Security Team



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

MVP

Re: ClearPass Configuration Guide: Onboard + Cloud Identity Providers

As usual whenever I have a question, it seems you've already answered it.  Thanks yet again!!

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
New Contributor

Re: ClearPass Configuration Guide: Onboard + Cloud Identity Providers

Is there a required version level that supports this integration?

Contributor I

Re: ClearPass Configuration Guide: Onboard + Cloud Identity Providers

Thanks for working up this guide, great info! Are there plans to add support for Azure Secure LDAP as there is for Google?
Moderator

Re: ClearPass Configuration Guide: Onboard + Cloud Identity Providers

Azure Active Directory does not have an LDAP interface by design.



| Aruba Alumni | @timcappalli | timcappalli.me |

MVP

Re: ClearPass Configuration Guide: Onboard + Cloud Identity Providers

Ah, but they have a guide for setting up secure LDAP:

https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-admin-guide-configure-secure-ldap

which makes the integration seem possible.

--Matthew

Moderator

Re: ClearPass Configuration Guide: Onboard + Cloud Identity Providers

That is AAD DS, not AAD. We have no plans to support AAD DS as it is only a transitionary offering from Microsoft.



| Aruba Alumni | @timcappalli | timcappalli.me |

New Contributor

Re: ClearPass Configuration Guide: Onboard + Cloud Identity Providers

Here at ATMOSPHERE19, attended your last session on Deep Dive: Auth Technologies. Great job, thank you.

 

To my question. I am trying to decide if I should use SAML or OAuth 2.0. I am trying to avoid 802.1X in a Mac OS X environment, having too many issues with Bluetooth and 802.1X; turning it on and off is not a solution for my users. If I use SAML with the G Suite workflow, will that still require 802.1X?

 

Thank you in advance.

 

New Contributor

Re: ClearPass Configuration Guide: Onboard + Cloud Identity Providers

Hello, on this page you mention that Okta as an ID source is deprecated, but it is still a source described in this config guide and available in CPPM.

Can you please confirm if this will be deprecated in future releases of CPPM?

And if so, why is it being deprecated?

Okta is increasingly becoming more and more the IdP for everything, best at it in the industry.
Moderator

Re: ClearPass Configuration Guide: Onboard + Cloud Identity Providers

The Okta-specific auth source that is part of the CPPM auth source list is deprecated and no longer works. Okta is fully supported as described in the document.




| Aruba Alumni | @timcappalli | timcappalli.me |
