Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass Guest Sponsor Operator Login

This thread has been viewed 13 times

  • 1.  ClearPass Guest Sponsor Operator Login

    Posted Dec 18, 2018 11:10 AM

    I have AD authentication to ClearPass Guest working for sponsorship confirmation, but want to scope the role so users in the "approvers" group can ONLY sponsor users and have to access to the rest of ClearPass Guest and/or CPPM.

     

    Is the [Device Registration] role the narrowest it can get?



  • 2.  RE: ClearPass Guest Sponsor Operator Login

    EMPLOYEE
    Posted Dec 18, 2018 11:14 AM
    You can create custom ClearPass admin and operator logins with the appropriate permission levels.


  • 3.  RE: ClearPass Guest Sponsor Operator Login

    Posted Dec 18, 2018 11:15 AM

    I have created a custom role, but it doesn't have enough permissions. Which ones are necessary for sponsorship confirmation?



  • 4.  RE: ClearPass Guest Sponsor Operator Login
    Best Answer

    EMPLOYEE
    Posted Dec 18, 2018 11:30 AM
    You should only need the “Remove Accounts” priviliege.


  • 5.  RE: ClearPass Guest Sponsor Operator Login

    Posted Apr 04, 2019 11:01 AM

    I understood that the only permission required for a sponsor to accept or reject sponsorship clicking in the URLs given in the sponsor email is "remove". Is that correct?

     

    I thought I needed at least "change expiration", "manage guest accounts" and "remove accounts". My sponsorship process lets the sponsor chose the expiration time and I thought it required manage guest accounts. I also addded "create new guest account" so my sponsors can create accounts aoutside of the post-registration email workflow.

     

    Is there a table so I can check what permissions we need granted for each functionality?