Security

Hello All,

I'm deploying Onboarding for a Customer in an environment where their AD Domain Credentials are shared with Non-Staff members resulting to a very insecure environment.

The issue or question I have is, is there a way we can use both User and Machine Authentication for Onboarding in order to achieve a situation where even if we have a Non-Staff member coming in with his/her personal Laptop but has the AD Domain Credential of a Staff member will not be able to gain access to the Corporate Network.

So as long as the Laptop is not a Domain Machine, we don't want this User gain access to the Corporate Network. What can I do to achieve this?

If these are all domain machines, I would not use onboarding. You should just authenticate the devices via 802.1x and use the built-n [MACHINE AUTHENTICATED] role in CPPM to allow or block machines.

Onboarding is for non-domain devices that you want to get acces to your network.

---

@cjoseph wrote:

If these are all domain machines, I would not use onboarding. You should just authenticate the devices via 802.1x and use the built-n [MACHINE AUTHENTICATED] role in CPPM to allow or block machines.

 

Onboarding is for non-domain devices that you want to get acces to your network.

 

---

Thanks cjoseph.

I kind of was leaning to your statement as well but I wanted to be sure there wasn't an option via Onboarding.