Security

Reply
Highlighted
Contributor I

ClearPass Guest Sponsor Operator Login

I have AD authentication to ClearPass Guest working for sponsorship confirmation, but want to scope the role so users in the "approvers" group can ONLY sponsor users and have to access to the rest of ClearPass Guest and/or CPPM.

 

Is the [Device Registration] role the narrowest it can get?

Guru Elite

Re: ClearPass Guest Sponsor Operator Login

You can create custom ClearPass admin and operator logins with the appropriate permission levels.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor I

Re: ClearPass Guest Sponsor Operator Login

I have created a custom role, but it doesn't have enough permissions. Which ones are necessary for sponsorship confirmation?

Guru Elite

Re: ClearPass Guest Sponsor Operator Login

You should only need the “Remove Accounts” priviliege.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor I

Re: ClearPass Guest Sponsor Operator Login

I understood that the only permission required for a sponsor to accept or reject sponsorship clicking in the URLs given in the sponsor email is "remove". Is that correct?

 

I thought I needed at least "change expiration", "manage guest accounts" and "remove accounts". My sponsorship process lets the sponsor chose the expiration time and I thought it required manage guest accounts. I also addded "create new guest account" so my sponsors can create accounts aoutside of the post-registration email workflow.

 

Is there a table so I can check what permissions we need granted for each functionality?

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: