Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass Onboard with MFA SMS, Phone from AD

  • 1.  Clearpass Onboard with MFA SMS, Phone from AD

    Posted Jan 19, 2017 10:43 AM

    Hi Team

     

    The authentication source of Onboard is the Active Directory. The mobile number is stored in the Active Directory as well; I can see it in the ClearPass Access Tracker. After that I will use MFA with SMS.

     

    How can I use the phone number from the active directory for the MFA SMS process?

     

    Thanks for your help, regards

    Manuel



  • 2.  RE: Clearpass Onboard with MFA SMS, Phone from AD

    Posted Jan 20, 2017 06:51 AM
    Good question! I can't easily see how to do this but would also like to know if possible.



  • 3.  RE: Clearpass Onboard with MFA SMS, Phone from AD

    Posted Jan 20, 2017 06:54 AM

    In the meantime I found the following hint:

    "For LDAP/AD the Pre-Authentication service must be updated to include the numbers in the reply."

     

    Sounds like we have to include the phone number in the RADIUS reply attributes. But which one?

     

    rg Manuel



  • 4.  RE: Clearpass Onboard with MFA SMS, Phone from AD
    Best Answer

    Posted Feb 01, 2017 05:36 AM

    Hi all

     

    In the meantime I got the clue. We need an Enforcement Policy like this (find attached):

    ClearPass:visitor_phone=%{Authorization:SOFTEC AD:mobile}

    This only works with App-Auth (not RADIUS-based). Then we can use the attribute "visitor_phone" in the Onboard or Guest workflow.

     

    Regards

    Manuel