Security

last person joined: 7 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Per-user customization of maximum allowed Onboarded devices

This thread has been viewed 0 times

  • 1.  Per-user customization of maximum allowed Onboarded devices

    Posted Feb 20, 2015 07:37 PM

    Hello,

     

    We are setting up Onboard for our users with a maximum number of allowed devices that a user can register. However, there are use cases in our company where some users who do testing with many different types of devices and may need to Onboard more than the normal maximum number of 2. How can we set it up so that some users or groups of users are allowed to Onboard more than 2?

     

     



  • 2.  RE: Per-user customization of maximum allowed Onboarded devices
    Best Answer

    EMPLOYEE
    Posted Feb 20, 2015 07:47 PM

    Create a new Application enforcement profile with the number of devices like below:

    APP-ENF-ONBOARD-5.PNG

     

    Then in your Onboard Authorization service, map the AD group to the new enforcement policy either directly or using TIPS role mapping.

     

    onboard-app-5.PNG



  • 3.  RE: Per-user customization of maximum allowed Onboarded devices

    Posted Feb 20, 2015 07:55 PM

    What about the "Maximum Devices" field found under the provisioning settings in the Onboard configuration? Should this still be set to 2, or does it need to be set to 0 (ininite) and make another enforcement profile in Policy Manager that sets all other users to 2?



  • 4.  RE: Per-user customization of maximum allowed Onboarded devices

    EMPLOYEE
    Posted Feb 20, 2015 07:57 PM
    That value will apply for any authorization response that does not contain the Max Devices attribute.