Hello,
I'm wondering if something is possible and I'm just missing how to do it.
Ideally, we want to do the following:
The user logs in to 802.1X and, based on user directory attributes, is given a role (Staff, Affiliate, etc.).
Then, based on their role and other attributes, we decide which role to send to the Aruba controllers.
The other attributes should ideally include: existence of their device in our enterprise inventory system (this is an SQL lookup; I already have this piece working); OnGuard health status (AV enabled/updated, firewall enabled/updated); AND whether or not a specific internal application is installed.
So if User A is staff, their device is in inventory, it's healthy and has the application installed, they get the controller role Staff-Managed-WithApp. If the app is not installed, they get Staff-Managed-Base. If the device is unhealthy, regardless of app or not, they get Staff-Quarantined. These roles then control access to various resources internally.
My question is: is this possible? It doesn't look like it is from what I can see in the OnGuard configuration, but maybe I'm missing something.