Currently in the process of testing clearpass onboarding. We are successfully able to provision clients and they are functioning as expected. Two questions...
1) Is it possible to allow the users to self manage the devices they have registered with the system? For example, if I set the maximum devices to 2, and they already have two devices configured, do they have the ability to remove one of those devices themselves and provision the new one? (i.e. I got a new iphone 6, and I want to add it, but need to remove my 5s first)
I notice under onboarding there is a self-service portal... which I believe requires a BYOD operator role to use, but the documentation is not clear what the url is or how to use it.
2) Is it possible to have onboarding remove the certificates from the user device? We have noticed that if we remove access, the user still has the certificates installed, they must manually remove the profiles on their device before they can join the network using their AD credentials to reprovision. (we are single ssid, so we auth with AD first, then pass to captive portal to enroll) Any way around this?
Thanks!