Security

Reply
Frequent Contributor I

ClearPass as two factor authenticator with SMS

Hi

 

We would like to use Clearpass to perform two-factor authentication for a VPN box. The VPN box would send a radius request to Clearpass which authenticates the user against AD. Then Clearpass should send an SMS with the code to the users' number (AD telephone field?) which the users would have to input in a form. Is this possible? If yes, how would we be able to do this?

 

ACMX, ACDX, ACCP, MASE
Highlighted
Guru Elite

Re: ClearPass as two factor authenticator with SMS

No, this is not possible without an MFA solution.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
New Contributor

Re: ClearPass as two factor authenticator with SMS

Hi Tim.

 

Is there any examples of how to integrate CPPM with 3rd party vpn devices that use CPPM for user authentication with 2FA with SMS ?

 

Occasional Contributor II

Re: ClearPass as two factor authenticator with SMS

Im stunned that this is not an option within Clearpass. I mean, they already have all the elements to make this work, eg: SMS engine, full control of the radius process, Access to AD.

 

Im sad that I have to tell the customer that they have to keep a separate redundant NPS cluster running even after they have moved all auth to Clearpass, just to have MFA. Its annoying, when it seems you are 95% of the way to make it happen.

 

How do I submit a feature request?

Frequent Contributor I

Re: ClearPass as two factor authenticator with SMS

Hi

To file a feature request, go to: https://innovate.arubanetworks.com/

 

ACMX, ACDX, ACCP, MASE
Occasional Contributor II

Re: ClearPass as two factor authenticator with SMS

Done, please upvote if anyone find this useful as well.

https://innovate.arubanetworks.com/ideas/SEC-I-1197

Guru Elite

Re: ClearPass as two factor authenticator with SMS

I'll add the same response here for benefit of others:

 

"SMS is not a recommend second factor. NIST has recommended against its use. Stronger second factors should be used (and are already supported in CPPM). The SMS functionality in Guest was designed for low risk usage like validating a guest's phone number. We do not have plans to extend this feature."


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
New Contributor

Re: ClearPass as two factor authenticator with SMS

A lot of customers use SMS as a two factor for the internal users.

 

Is there guides and support for integrating other "phone authentication" methods, like Google Authenticator or similar apps you can have on the phone. What are the Aruba recommendations for 2FA or Multi Authentication ?

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: