Guru Elite

ClearPass Configuration Guide: Onboard + Cloud Identity Providers

Team Aruba,

 

We’re happy to announce an update to the ClearPass Configuration Guide for Onboard + Cloud Identity Providers. Version 2018-01 adds configuration details for Google's new Secure LDAP service for real-time authorization against Google Cloud Identity / G Suite in policy.

 

This configuration guide is very focused and covers:

  • creating the required application in the cloud identity provider
  • configuring the ClearPass SAML Service Provider and OAuth 2.0 Relying Party
  • onboard provisioning settings changes required for SAML and OAuth 2.0
  • customizing the ClearPass SSO dictionary
  • building a SAML pre-authentication service for Onboard
  • using OAuth 2.0 return attributes in a role map and/or network access policy
  • Azure Active Directory, Google Cloud Identity / G Suite and Okta identity providers
  • Google Secure LDAP Connector for real-time authorization

 

Document Link: ClearPass_Configuration-Guide_Onboard-Cloud-Identity-Providers_v2018-01.pdf

 

Feedback always welcome!

 

Enjoy!

 

- Aruba Security Team


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
MVP Expert

Re: ClearPass Configuration Guide: Onboard + Cloud Identity Providers

As usual whenever I have a question, it seems you've already answered it.  Thanks yet again!!

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
New Contributor

Re: ClearPass Configuration Guide: Onboard + Cloud Identity Providers

Is there a required version level that supports this integration?

Occasional Contributor II

Re: ClearPass Configuration Guide: Onboard + Cloud Identity Providers

Thanks for working up this guide, great info! Are there plans to add support for Azure Secure LDAP as there is for Google?
Guru Elite

Re: ClearPass Configuration Guide: Onboard + Cloud Identity Providers

Azure Active Directory does not have an LDAP interface by design.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

MVP Expert

Re: ClearPass Configuration Guide: Onboard + Cloud Identity Providers

Ah, but they have a guide for setting up secure LDAP:

https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-admin-guide-configure-secure-ldap

which makes the integration seem possible.

--Matthew

Guru Elite

Re: ClearPass Configuration Guide: Onboard + Cloud Identity Providers

That is AAD DS, not AAD. We have no plans to support AAD DS as it is only a transitionary offering from Microsoft.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

New Contributor

Re: ClearPass Configuration Guide: Onboard + Cloud Identity Providers

Here at ATMOSPHERE19, attended your last session on Deep Dive: Auth Technologies. Great job, thank you.

 

To my question. I am trying to decide if I should use SAML or OAuth 2.0. I am trying to avoid 802.1X on a macOS environment, having too many issues with Bluetooth and 802.1X; turning it on and off is not a solution for my users. If I use SAML with G Suite workflow, will that still require 802.1X?

 

Thank you in Adv.

 

New Contributor

Re: ClearPass Configuration Guide: Onboard + Cloud Identity Providers

Hello, on this page you mention Okta as an ID source is deprecated, but it is still a source described in this Config guide and available in CPPM.

Can you please confirm if this will be deprecated in future releases of CPPM?

And if so, why is it being deprecated?

Okta is increasingly becoming more and more the IdP for everything, best at it in the industry.
Guru Elite

Re: ClearPass Configuration Guide: Onboard + Cloud Identity Providers

The Okta-specific auth source that is part of the CPPM auth source list is deprecated and no longer works. Okta is fully supported as described in the document.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |
