Occasional Contributor II

ClearPass and Azure AD

Hi,

My customer is using CP for user authentication via EAP-TLS. Currently CP is checking the username against the local AD.

The client is moving everything to Azure AD via Intune, and now EAP-TLS in the testing phase is not working, as CP can't do a computer lookup on Azure AD.

One of the options I have suggested is to use secure LDAP over the internet, but the customer would like to move away from LDAP and would like to use a new authentication method like OAuth 2.0 or similar.

I have searched the blog, but most of them are for the Guest account, not for EAP-TLS, and all the EAP-TLS ones use LDAP.

Do we have any documentation or method which I can use without secure LDAP?

Please help.

Thank you,

Nilay Vyas.


Accepted Solutions
MVP Guru

Re: ClearPass and Azure AD

Please check the ClearPass with Azure integration videos on the Airheads Broadcasting Channel on YouTube.

 

You can start with ClearPass integration with Intune and Azure AD - Part 1.1, and from there follow the other videos on this topic.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).

Contributor II

Re: ClearPass and Azure AD

You should just allow HTTPS outbound for CPPM. It is required for other things such as software updates anyway.



All Replies
Contributor II

Re: ClearPass and Azure AD

Azure AD does not use LDAP. If your devices are managed by Intune, you can use the Intune integration for authorization.

Occasional Contributor II

Re: ClearPass and Azure AD

Do you have any documentation for EAP-TLS via Intune integration?

Contributor II

Re: ClearPass and Azure AD

Issuing certificates to Intune managed devices has nothing to do with CPPM. Take a look at the Microsoft docs.

The Intune integration with CPPM is for authorization.
Occasional Contributor II

Re: ClearPass and Azure AD

The certificate is not an issue at all. It is working right now with the certificate only, but I have disabled the authorisation which picks up the CN name of the certificate and checks it against AD Federation on site via LDAP. Now, as AD is on Azure, I can't do the authorisation lookup via LDAP, and the client does not want to use secure LDAP. I am not sure how to get this working again. If you have any documentation, please point me to the link.

Contributor II

Re: ClearPass and Azure AD

Are the devices under management by Intune?
Occasional Contributor II

Re: ClearPass and Azure AD

Yes, they are.

Contributor II

Re: ClearPass and Azure AD

Then you can set up the Intune integration (arubanetworks.com/clearpassdocs) and leverage some of that data in your enforcement policies.

Occasional Contributor II

Re: ClearPass and Azure AD

Please correct me if I am wrong, but it means I configure the integration,

keep EAP-TLS authorisation disabled,

enable the authorisation in the policy and check against the integration data being pulled from Intune and cached in ClearPass?

So now the client requires a valid certificate + one or two of the authorisation policies I use to match against Intune data?

Am I right?
