Security

Dear Experts,

 

When we configure active directory as authentication source, we get the options to select its field as role and/or attributes. What is meant by roles or attributes in this context?

Guess you are querying about vendor specific attributes and server derived roles.

Where are you configuring this?
Could you share a screen grab of it

When we configure active directory as authentication source, we get the
options to define its fields such as department, member off etc as roles
and attributes

This may be of help.

 

https://www.arubanetworks.com/techdocs/ClearPass/Aruba_DeployGd_HTML/Content/Active%20Directory/AD_auth_source_adding.htm#Source

 

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.
--Problem Solved? Click "Accepted Solution" in a post.

Let me give you an example:
John belongs to department “Finance”, so when his laptop joins domain it belongs to the Finance group. Hopefully you AD team has done this correctly.
In CPPM, If the Authentication Sources > Attributes > Groups enable as Role you find a role shows up automatically as “Finance” and probably another role [Machine Authenticated] in Access Tracker Summary when John laptop authenticated. You can base on this and build your Enforcement profile.
If the Authentication Sources > Attributes > Groups enable as Attribute you find Authorization:<domain>: Groups “Finance” in Access Tracker > Input > Authorization Attributes. And of course you can build your Enforcement profile base on this.
Hope that helps.