Regular Contributor II

Using ADFS as auth source for Onboard self-service

Hello,

 

We would like to allow our users to onboard personal devices which they would then be able to connect to a BYOD network.

 

Is it possible for us to authenticate their access to the self-service onboard pages using ADFS? If so is there any guidance on how to do this?

 

Many thanks,

 

Guy



All Replies
Super Contributor II

Re: Using ADFS as auth source for Onboard self-service

Yes you should be able to authenticate the users against AD. Just add the Authentication and Authorization sources of your AD server once you add it as a source in your On-Board Preauth and Auth services.

 

 

Dustin Burns
Senior Mobility and Access Engineer @WEI
ACMX #509 | ACCX #1272 | ACSA | ACDA | ACEA | CCNP | CCDP | CCNA Wireless

If my post addresses your queries, give kudos and accept as solution!

Regular Contributor II

Re: Using ADFS as auth source for Onboard self-service

Thanks Dustin,

 

I know very little about AD so this is a bit of a minefield for me! I kind of understand that ADFS is some sort of SSO layer that allows federated AD access. What I'm not really clear on is how that makes it different from AD in terms of using it as an auth source. But it sounds like I should configure it as an authentication source in the same way that I would if it was an AD server, is that right?

 

Do I also have to add the ClearPass boxes to the AD domain or is that not necessary?

 

Thanks for your help with this,

Guy

Super Contributor II

Re: Using ADFS as auth source for Onboard self-service

Yes, you want to add the ClearPass servers to the domain.

 

 

Dustin Burns
Senior Mobility and Access Engineer @WEI

Contributor II

Re: Using ADFS as auth source for Onboard self-service

You do not need to connect CPPM to Active Directory Domain Services to use ADFS. That's the point of ADFS.

 

Set up ADFS as the IdP for CPPM using SAML.

 

You should only ever join CPPM to an AD DS domain when using legacy authentication (PEAPv0/EAP-MSCHAPv2).

Regular Contributor II

Re: Using ADFS as auth source for Onboard self-service

Ok thank you - actually this is more what I was expecting, I worded my question poorly. I'd better update the 'solution'.

 

I found the SSO Single Sign-On section under Identity in CPPM, I'm liaising with the chaps who run our ADFS so hopefully we can exchange info to complete this process.
