Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass and Azure AD

  • 1.  ClearPass and Azure AD

    Posted Jun 29, 2020 08:16 PM

    Hi,

     

    My customer is using CP for User authentication via EAP-TLS. Currently CP is checking username against local AD.

    The client is moving everything to Azure AD via Intune, and now EAP-TLS in the testing phase is not working as CP can't do a computer lookup on Azure AD.

    One of the options I have suggested is to use secure LDAP over the internet, but the customer would like to move away from LDAP and would like to use a new authentication method like OAuth 2.0 or similar.

    I have searched the blog, but most of them are for the Guest account, not for EAP-TLS, and all the EAP-TLS ones use LDAP.

     

    Do we have any documentation or method which I can use without secure ldap?

     

    Please help.

     

    Thank you,

    Nilay Vyas.



  • 2.  RE: ClearPass and Azure AD

    MVP EXPERT
    Posted Jun 29, 2020 09:16 PM

    Azure AD does not use LDAP. If your devices are managed by Intune, you can use the Intune integration for authorization.



  • 3.  RE: ClearPass and Azure AD

    Posted Jun 29, 2020 09:28 PM

    Do you have any documentation for EAP-TLS via Intune integration?



  • 4.  RE: ClearPass and Azure AD

    MVP EXPERT
    Posted Jun 29, 2020 09:30 PM
    Issuing certificates to Intune managed devices has nothing to do with CPPM. Take a look at the Microsoft docs.

    The Intune integration with CPPM is for authorization.


  • 5.  RE: ClearPass and Azure AD

    Posted Jun 29, 2020 10:08 PM

    The certificate is not an issue at all; it is working right now with the certificate only. But I have disabled the authorisation which picks up the CN name of the certificate and checks it against AD Federation on site via LDAP. Now, as AD is on Azure, I can't do the authorisation lookup via LDAP, and the client does not want to use secure LDAP. I am not sure how to get this working again. If you have any documentation, please point me to the link.



  • 6.  RE: ClearPass and Azure AD

    MVP EXPERT
    Posted Jun 29, 2020 10:10 PM
    Are the devices under management by Intune?


  • 7.  RE: ClearPass and Azure AD

    Posted Jun 29, 2020 10:11 PM

    Yes, they are.



  • 8.  RE: ClearPass and Azure AD
    Best Answer

    MVP EXPERT
    Posted Jun 29, 2020 10:13 PM
    Then you can set up the Intune integration (arubanetworks.com/clearpassdocs) and leverage some of that data in your enforcement policies.


  • 9.  RE: ClearPass and Azure AD

    Posted Jun 29, 2020 10:20 PM

    Please correct me if I am wrong, but it means I configure the integration,

    keep EAP-TLS authorisation disabled,

    enable the authorisation in the policy and check against the integration data being pulled from Intune and cached in ClearPass?

    So now the client requires a valid certificate + one or two of the authorisation policies I use to match against Intune data?

     

    Am I right?



  • 10.  RE: ClearPass and Azure AD
    Best Answer

    MVP EXPERT
    Posted Jun 29, 2020 10:26 PM
    yes


  • 11.  RE: ClearPass and Azure AD
    Best Answer

    EMPLOYEE
    Posted Jun 30, 2020 04:37 AM

    Please check the ClearPass with Azure integration videos on the Airheads Broadcasting Channel on Youtube.

     

    You can start with ClearPass integration with Intune and Azure AD - Part 1.1, and from there follow the other videos on this topic.



  • 12.  RE: ClearPass and Azure AD

    Posted Jul 06, 2020 07:38 PM

    Hi,

    Does anyone know which firewall ports need to be opened in order to complete this integration?

    Currently ClearPass has no internet access.

     

    Thank you. 



  • 13.  RE: ClearPass and Azure AD

    MVP EXPERT
    Posted Jul 06, 2020 07:39 PM

    The Intune integration requires access to the Intune API endpoints over TCP 443. 



  • 14.  RE: ClearPass and Azure AD

    Posted Jul 06, 2020 07:40 PM

    So that is the Microsoft Office 365 URL. Domain-based firewall rules, am I right?



  • 15.  RE: ClearPass and Azure AD
    Best Answer

    MVP EXPERT
    Posted Jul 06, 2020 07:42 PM
    You should just allow HTTPS outbound for CPPM. It is required for other things such as software updates anyway.