Security

Hi, I have a client, which wants to use ClearPass, but he wants to use not on-premises ad dc, but azure ad dc.

Maybe someone had this kind of case and can share your knowledge.

ClearPass would be used  for Wifi users and LAN users EAP-TLS or EAP-PEAP authentication.

https://community.arubanetworks.com/t5/Security/ClearPass-Configuration-Guide-Onboard-Cloud-Identity-Providers/td-p/301657

So to be clear, EAP-TLS is only possible solution.

One more thing, how ClearPass check user name from certificate common name field? because when we used on-Premise CA and AD DC, ClearPass using EAP-TLS authentication always check does user exit in AD DC and CLearPass use received  user certificate common name field. So how  this time ClearPass would check user  over OAuth 2.0 ? Because I did not find straigh answer.

Yes there is user check, I am sending you my ClearPass authentication one recod  begining. After user check  certificate check is following, tell me my mistakes please. Common name field value is used from certificate as user  name to check. I am using EAP-TLS auth.

You need to disable authorization in the EAP-TLS configuration.

1. So the only possible check is certificate and  user check is not possible? Just say yes or no?

Yes, the credential is validated.