Security

Reply
Highlighted
Occasional Contributor II

Clearpass AzureAD authorization

How are you guys solving authentication and authorization when customers retire their local AD and going with AzureAD, but keeping a local CPPM server/farm?

 

Legacy authentication (EAP-PEAP) I understand is "dead" when going all cloud, so EAP-TLS I take is the way to go.

What would we authenticate against then, as in, what would accept or deny the certificate presented (CPPM yes, but source - just that certifcate is signed by a trusted CA?)?

 

How about authorization? Device attributes are ok, same with compliance state and device owner for example, via intune extesion, but what about AAD group membership?

Machine+User authentication is a challenge then as well, as a machine can be used by users which should have different access levels.

 

Any thoughts, ideas, solutions?

Highlighted

Re: Clearpass AzureAD authorization

hi HRossvoll,

 

I would start with this document here:

 

https://community.arubanetworks.com/t5/Security/ClearPass-Configuration-Guide-Onboard-Cloud-Identity-Providers/td-p/301657

 

I think it is going to explain exactly what you are looking for 


visit our Youtube Channel:
https://www.youtube.com/channel/UCFJCnuXFGfEbwEzfcgU_ERQ/featured
Please visit my personal blog as well:
https://www.flomain.de
Highlighted
Occasional Contributor II

Re: Clearpass AzureAD authorization

I briefly looked trough this, but since it mentioned the CPPM Onboard module I assume it was tied in to that process only.

As I'm looking to do this without using CPPM onboarding, but handle management via intune or airwatch for example.

 

I'll dig in to the document more in depth and come back with questions if any :)

Highlighted

Re: Clearpass AzureAD authorization

sure, you can replace ClearPass onboarding with every other onboarding process you like. but the document explains the main concepts very well. 


visit our Youtube Channel:
https://www.youtube.com/channel/UCFJCnuXFGfEbwEzfcgU_ERQ/featured
Please visit my personal blog as well:
https://www.flomain.de
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: