Security

 View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

CLEARPASS 6.11 - EAP-TEAP authentication against Entra ID - Is it possible?

This thread has been viewed 25 times

  • 1.  CLEARPASS 6.11 - EAP-TEAP authentication against Entra ID - Is it possible?

    Posted 12 days ago

    We are in the process of upgrading from PEAP to TLS (prefer TEAP) on our wireless network.  My understanding is that CP 6.11 currently only supports user authentication against Entra ID.  So, is it possible to do TEAP authentication against Entra ID?  If so, how?  Thanks.



  • 2.  RE: CLEARPASS 6.11 - EAP-TEAP authentication against Entra ID - Is it possible?

    MVP EXPERT
    Posted 11 days ago

    FAIK 

    ClearPass can interact with Azure to retrieve user group details and perform policy enforcement. This source is only capable of authorization, not authentication.

    Azure (arubanetworks.com)



    ------------------------------
    Marcel Koedijk | MVP Expert 2023 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own
    ------------------------------

    Original Message


  • 3.  RE: CLEARPASS 6.11 - EAP-TEAP authentication against Entra ID - Is it possible?

    Posted 11 days ago

    Hi.  My understanding is that 6.11 only support Entra ID user authentication - utilizing the userPrincipalName from the client cert - to retrieve user group information for role mapping and subsequently policy enforcement.


    Original Message


  • 4.  RE: CLEARPASS 6.11 - EAP-TEAP authentication against Entra ID - Is it possible?

    Posted 11 days ago

    Not users, no. You can authenticate devices if you use the Intune Extension to sync devices and use the Endpoint Database to authenticate.


    Original Message