Security

Reply
MVP Guru

Corporate Wi-Fi with CPPM & Azure AD

Hi All,

 

I'm looking for recommendation on how to utilise CPPM and Azure AD for corporate WI-Fi managed devices.

 

How have other set this up?

 

I don't see onboarding as a valid option.

 

 


Cheers
James
----------------------------------------------------------------------
--------------------------@whereisjrw--------------------------
---------------------------------blog-------------------------------
ACCX #540 | ACMX #353 | ACDX #216 | AMFX #11
----------------------------------------------------------------------
----------------------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Guru Elite

Re: Corporate Wi-Fi with CPPM

Onboard or Intune with ADCS.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
MVP
MVP

Re: Corporate Wi-Fi with CPPM

Any progress on this topic?

 

What about customers that dont have an onpremise AD, only have Azure AD with intune. The customer dont want to have onboarding and want EAP-TLS computer certificates, not user certificates?

 

Are there some other options on this to use azure as authentication source.

Kind Regards Marcel Koedijk
HPE ASE Flexnetwork | ACMP | ACCP | Ekahau ECSE Design - Was this post usefull, Kudos are welcome.
Guru Elite

Re: Corporate Wi-Fi with CPPM

Intune can issue machine certificates via ADCS.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
MVP
MVP

Re: Corporate Wi-Fi with CPPM

Hi Tim,

 

Many thanks for your reply.

 

We known howto enroll computer certificate with Intune. Also  how to fetch attributes from Azure and use that in Clearpass authorization. To do that we use the ClearPass extention "microsoft-intune".

 

The only thing i dont understand is what will be used as authentication source without having an onpremise AD or Onboarding.

 

 

 

 

 

 

 

Kind Regards Marcel Koedijk
HPE ASE Flexnetwork | ACMP | ACCP | Ekahau ECSE Design - Was this post usefull, Kudos are welcome.
Guru Elite

Re: Corporate Wi-Fi with CPPM

There is no authentication source for certificate-based auth with AAD.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Highlighted
MVP
MVP

Re: Corporate Wi-Fi with CPPM

iam lost here...:)

 

How can i create a clearpass service without an authentication source?

 

When i put it on local host and authenticate with a itune device. Accesstracker eap-tls request said "username host\laptop123 not found in local repository". When i put the hostname in the local user repository it will succeed.

 

Screen Shot 2019-09-12 at 19.45.01.png

 

Kind Regards Marcel Koedijk
HPE ASE Flexnetwork | ACMP | ACCP | Ekahau ECSE Design - Was this post usefull, Kudos are welcome.
Guru Elite

Re: Corporate Wi-Fi with CPPM

You need to create an EAP-TLS method with authorization disabled.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
MVP
MVP

Re: Corporate Wi-Fi with CPPM

That is great! Thanks a lot Tim!

Kind Regards Marcel Koedijk
HPE ASE Flexnetwork | ACMP | ACCP | Ekahau ECSE Design - Was this post usefull, Kudos are welcome.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: