Security

last person joined: 15 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Creating Guest Operator User Account Filters

This thread has been viewed 7 times

  • 1.  Creating Guest Operator User Account Filters

    Posted May 19, 2020 02:10 PM

    Hi All,

     

    We are a university that uses clearpass for student/staff IoT and gaming devices. I am trying to create some custom user account filters for some types of our guest operators.

     

    For our students I am trying to create a filter that displays all devices assigned to a user using sponsor name. Even devices that were created by technical support staff member (which "only show accounts created by this operator" does not suffice). I cannot determine how to set the below filter to current logged in user. I have tried numerous different username, sponsor name, etc. fields with no luck.

     

    Authorization:[Guest Device Repository]:sponsor_name=

     

    Additionally, we have some specialized techs that I would like to create filters for, but I am unsure if we can do an OR with two filters. Something like allowing an operator to see any device in one of two roles as well as only their devices in a third role. Any idea if this is possible and how to achieve it if so?

     

    Thank you in advance.

     



  • 2.  RE: Creating Guest Operator User Account Filters

    Posted May 19, 2020 03:58 PM

    When you say filter, do you mean when performing a search ?

    You can limit what the Operator can see based on the role/tag under Home » Administration » Operator Logins » Profiles

     

    2020-05-19 15_56_13-Edit Operator Profile (HELPDESK-DEVICE-REGISTRATION).png

     

     



  • 3.  RE: Creating Guest Operator User Account Filters

    Posted May 19, 2020 04:01 PM

    Screen Shot 2020-05-19 at 3.59.07 PM.png

     Hi,

     

    This is the field I am looking to utilize to make these custom filters. The filters would apply to the managed devices list.



  • 4.  RE: Creating Guest Operator User Account Filters

    MVP EXPERT
    Posted May 19, 2020 04:19 PM

    There's really no way to do exactly what you're asking. The way to handle this would be to have the folks that are registering the device on behalf of another user enter in the owner's username so the device is properly linked back to that user.



  • 5.  RE: Creating Guest Operator User Account Filters

    Posted May 20, 2020 11:35 AM

    We definitely do this already. But if a technician adds the device with the students username it does not show up in manage devices list when the student logs in. Maybe I am doing something wrong. Do you use the sponsor name field or the username field to associate it with the user?

     

     



  • 6.  RE: Creating Guest Operator User Account Filters
    Best Answer

    MVP EXPERT
    Posted May 20, 2020 11:38 AM

    The sponsor_name field should be the owner's fully qualified username (jdoe@myuni.edu)

     

    Ensure that fully qualified usernames are used for login. If you have an existing university IdP, use that.



  • 7.  RE: Creating Guest Operator User Account Filters

    Posted May 20, 2020 12:22 PM

    Thank you @timms

     

    That led me down the correct path. Changed the AD lookup attribute mapping to have sponsor_name = userPrincipalName instead of samaccountname. Now when a technician registers a device it shows under the student's operator profile. They now appear in the student operator profile.