Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Azure AD Auth Source

  • 1.  Azure AD Auth Source

    MVP
    Posted Jan 27, 2023 05:21 AM
    Hi everybody,

    With the ClearPass 6.11.x release, ClearPass now supports Azure as an authentication source. The User Guide says:

    For ClearPass to access user details from Azure, a ClearPass administrator needs to create an application and register it. Once registered, obtain Tenant ID and Client ID details from the application's Overview page. The application also requires certain permissions in order for ClearPass to integrate smoothly.

    Has anyone already created the application in Azure and can tell me where I can find documentation on which config is needed in the application?


  • 2.  RE: Azure AD Auth Source

    EMPLOYEE
    Posted Jan 27, 2023 08:38 AM
    Quite sure there is documentation around creating the Azure AD application, but can't find it quickly... Here are the permissions that I use:
    Get the Tenant ID (3d... in the screenshot) and Client ID (1d...) from the App Registration page:
    And the client secret under Certificates & secrets.

    If someone found the page for the documentation, please post here.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Azure AD Auth Source

    MVP
    Posted Feb 02, 2023 07:30 AM
    Hello Herman,

    thx for your reply.

    I've created the App via the App Registration, and configured the permissions like you mentioned.
    Then I've added a new Authentication Source in ClearPass using the Tenant Id, Client Id and Client Secret. Test Connection stated "Connection Successful".

    Then in one service (Wireless 802.1X) I've replaced the AD-Authentication-Source with the AzureAD-Auth-Source.
    If I now try to connect my client to the Wifi, using this Service, I can't connect. In ClearPass I can't see any entry in the Access Tracker, nor the Event Viewer.
    Strange behaviour: if I now try to login to a switch, which has ClearPass configured as radius-host, I can't login anymore. In ClearPass I don't see any entry in the Access Tracker. I haven't changed anything in the service, which is responsible for the Switch login....


  • 4.  RE: Azure AD Auth Source

    EMPLOYEE
    Posted Feb 06, 2023 06:01 AM
    The AzureAD Auth Source should be added as Authorization only, it cannot be used for authentication.

    How are your clients configured for authentication? They typically are managed by Intune to get them provisioned with a client certificate and the proper supplicant configuration. Note that password authentication (PEAP) is not supported to Azure AD. Check here a typical setup of ClearPass with Azure AD & Intune:


    ------------------------------
    Herman Robers
    ------------------------------



  • 5.  RE: Azure AD Auth Source

    MVP
    Posted Feb 16, 2023 10:50 AM

    Hello Herman,

    my mistake. I've added the Azure AD Source to Authorization, and everything works fine now.

    Thx for your reply!

    Kind regards

    Matthias 




  • 6.  RE: Azure AD Auth Source

    Posted Feb 27, 2023 02:04 AM

    Hi All,

    Could you please provide a link for Azure AD as an authorization source?

    Thanks




  • 7.  RE: Azure AD Auth Source

    EMPLOYEE
    Posted Feb 27, 2023 03:44 AM
    Please check the following page.
    https://www.arubanetworks.com/techdocs/ClearPass/6.11/PolicyManager/Content/CPPM_UserGuide/Auth/AuthSource_Azure.htm
    Below is a screenshot of one of my role mappings.


    ------------------------------
    William Bargeman
    Systems Engineer Aruba
    ------------------------------



  • 8.  RE: Azure AD Auth Source

    MVP
    Posted Feb 28, 2023 04:25 PM

    In your Azure Application screenshot, where does the Application ID URI come from?



    ------------------------------
    Bruce Osborne ACCP ACMP
    Liberty University

    The views expressed here are my personal views and not those of my employer
    ------------------------------



  • 9.  RE: Azure AD Auth Source

    EMPLOYEE
    Posted Mar 01, 2023 03:28 AM

    Application ID URI is not needed when you use Azure AD as an authorization source. Application ID is only needed if you use AAD for SAML authentication within ClearPass.



    ------------------------------
    Willem Bargeman
    ------------------------------