Hi All
I am looking into two-factor authentication for wireless (client request). We have Aruba Controllers, Instants, Clearpass and Airwave in the environment.
What we want is on the enterprise WiFi (802.1x) we want to use Google Authenticator to generate a token for the user to use when connecting to the wireless.
What we had in mind is something similar to how the clients PaloAlto VPN currently works.
The connecting user folows instructions and registers with their AD domain credentials on a Palo Alto portal for VPN. They receive a QR code (or normal coded string) for their VPN after registering through the Palo Alto VPN portal - the registration uses the Active Directory Username and Password for authentication - the Google Token for the user is associated to the AD account.
Then when the user connects to the VPN using their AD credentials the Token entry appears and they enter the Token they get (this from within the Google Authenticator App) to complete the connection.
They now want the same when connecting to wireless - they want to use their AD credentials and then aswell as the Two-Factor token for authentication - this to be seperate from their PaloAlto setup.
Is this Possible and where do I start looking for information to achieve this. I am thinking of using Clearpass similar to what you would do for RSA and Fortigate Authenticators, but I have no idea where to look and start for Google Authenticator.
Any help/advice will be greatly apreciated.