Security

Does anyone know or have a manual on how to do this but with office 365?

If i search in forum i find this but it just tell you how to do it with google and facebook but not with office 365

http://community.arubanetworks.com/t5/Aruba-Solution-Exchange/ClearPass-Guest-Social-Logins/ta-p/218131

 

Also if its possible to restrict  the login to one domain...  Let say i just want that people with @arubanetworks.com can log in using office 365. social media login.

 

Cheers

Carlos

1. Browse to https://account.live.com/developers/applications, sign in with your Microsoft Live account, and click Add an App in the Live SDK Applications section.

2. Enter an Application Name and click Create Application.

3. On the Application Registration page, enter the FQDN of your ClearPass server into the Target Domain field. In the Redirect URIs field, enter the full URL of the ClearPass WebLogin page that you're using for social logins. There are some optional URLs that you can provide if you want to, along with a logo. Make note of the Application ID and Application Secret. You will use these values in the ClearPass configuration. Click Save when done.

I cannot see the images :(

 

Ill try that tomorrow

Also do you know if its possible to use the social media login with office 365 but restrict it to one domain?

I mean that just users with @alternetworks.net doamin can log in but someone else using office 365 with another doamin cannot use this

 

Cheers

Carlos

So you're looking for a more corporate style login, right?

You can use Azure AD instead which will limit it to your tenant.

Can i use office365 credentials with that azure login?

Also those users are not in the ad. Those are students that happen to have office 365 account but they do not have users in the ad as far i know

Office 365 uses Azure AD as it's identity store. You'll have at least AAD Basic.

Mmmm if its a different AD i guess. What i asked them if the student had a user in their local AD and the asnwer was no

Does this azure login work on clearpass 6.5 or i need 6.6?

Azure AD logins were added in ClearPass Guest 6.6.0

I was reading a bit about this, i didt know that  Office 365 uses the cloud-based user authentication service Azure Active Directory to manage users until you mention it.

So if i add this Azure AD ill be able to manage Office 365 users like AD and will be able even to create groups and give permitions to wifi to groups of users for example  Group A which contains student A, B, c has access and group B whichc contains Students D, E F does not have access, just like the AD but with office 365  users?

It is like this? or im missunderstanding you Tim?

Yes but keep in mind two things:

1) Azure AD (or G Apps) cannot be used with PEAPv0/EAP-MSCHAPv2. You'd use this for Onboarding to EAP-TLS

2) Account information is only checked during the initial authentication (Onboarding for example)

If you at least can restrict the domain for example @alternetworkrs  that they just can log in that works for me.

So you can defenitly do this right? just confirm me this and ill go and install a demo clearpass of 6.6 to try it.

Sadly my demo clearpass i got in here it just 6.5 for the HD limitations guess i need to ask for a 1 TB HD to upgrade it to 6.6...

Yes the Azure AD API client you create should be limited to the local tenant.

Thaks tim ill try it.

Do you know if there is any documentation of how to integrate this with azure AD with clearpass i can read?

 

Cheers

Carlos

Hopefully, this link will point you in the right direction -

 

http://community.arubanetworks.com/t5/Security/social-media-login-with-office-365/td-p/282775

We don't have an Azure AD integration guide today. It's something we're working on.

If there isnt a guide will tac hel us out to set it up?

Hello Tim

We need to configure this, and we have no idea how to configure it.  There is a client which wants this, and i cannot even do him a demo because there isnt any guide or something which tells you how to configure it

Is there someone that could help me with this???

 

Cheers

Carlos

Hi Carlos- 

 

Happy to further assist you.  Mind sending me an email pegah.kamal@hpe.com with the details and best contact number / email?

 

Cheers

 

Pegah

i already made it work im just stuck witht he mac caching on social media login hah

Just need to add one of the Mac Auth expiry options define in the Time Source db using a post_auth enforcement profile (endpoint db update) when the user does the web-auth


Get Outlook for iOS

Just need to add one of the Mac Auth expiry options define in the Time Source db using a post_auth enforcement profile (endpoint db update) when the user does the web-auth


Get Outlook for iOS

Also on the Mac auth you either create a role mapping using the  (Authorization:[Time Source]:Now DT LESS_THAN %{Endpoint:MAC-Auth Expiry}) > [Mac Caching] - Tips Role

Make sure that the endpoint db and time Source are used as a authorization
Sources

Get Outlook for iOS

Also on the Mac auth you either create a role mapping using the  (Authorization:[Time Source]:Now DT LESS_THAN %{Endpoint:MAC-Auth Expiry}) > [Mac Caching] - Tips Role

Make sure that the endpoint db and time Source are used as a authorization
Sources

Get Outlook for iOS