Cloud Managed Networks

Dear Experts, 

One of the customer is planning for AOS 10 setup. They want to integrate with Azure AD and do authentication based on certificates that are issued internally by their firewall/server. Do we need Central NAC, and is it possible to use customer's own certificates for authentication of users and devices? so far what i have read, i think it may not be possible since cloud auth provisions its own certs?

Azure AD is now called Entra ID. And what you describe is called Bring Your Own Certificates in Central NAC.

Cloud Authentication and Poilcy (Classic Central) indeed supports Central provisioned certificates; Central NAC (New Central) supports in addition custom certificates as part of the Premium NAC License. Note that for Central NAC, configuration needs to be in New Central.

Dear Experts, 

One of the customer is planning for AOS 10 setup. They want to integrate with Azure AD and do authentication based on certificates that are issued internally by their firewall/server. Do we need Central NAC, and is it possible to use customer's own certificates for authentication of users and devices? so far what i have read, i think it may not be possible since cloud auth provisions its own certs?

Azure AD is now called Entra ID. And what you describe is called Bring Your Own Certificates in Central NAC.

Cloud Authentication and Poilcy (Classic Central) indeed supports Central provisioned certificates; Central NAC (New Central) supports in addition custom certificates as part of the Premium NAC License. Note that for Central NAC, configuration needs to be in New Central.

Dear Experts, 

One of the customer is planning for AOS 10 setup. They want to integrate with Azure AD and do authentication based on certificates that are issued internally by their firewall/server. Do we need Central NAC, and is it possible to use customer's own certificates for authentication of users and devices? so far what i have read, i think it may not be possible since cloud auth provisions its own certs?

I'm not sure about machine authentication, and for now would say it's not possible as the user needs to be in EntraID. Possibly you can assign a certificate with a user account for the machine certificate and authenticate through that path.

Documentation for Central NAC is here. In my previous response, I added a direct link to the BYOC (Bring your own certificate) section.

Azure AD is now called Entra ID. And what you describe is called Bring Your Own Certificates in Central NAC.

Cloud Authentication and Poilcy (Classic Central) indeed supports Central provisioned certificates; Central NAC (New Central) supports in addition custom certificates as part of the Premium NAC License. Note that for Central NAC, configuration needs to be in New Central.

Dear Experts, 

One of the customer is planning for AOS 10 setup. They want to integrate with Azure AD and do authentication based on certificates that are issued internally by their firewall/server. Do we need Central NAC, and is it possible to use customer's own certificates for authentication of users and devices? so far what i have read, i think it may not be possible since cloud auth provisions its own certs?

For BYOC feature you need Pro subscription and here you can find the details HPE Aruba Networking Central NAC

I'm not sure about machine authentication, and for now would say it's not possible as the user needs to be in EntraID. Possibly you can assign a certificate with a user account for the machine certificate and authenticate through that path.

Documentation for Central NAC is here. In my previous response, I added a direct link to the BYOC (Bring your own certificate) section.

Azure AD is now called Entra ID. And what you describe is called Bring Your Own Certificates in Central NAC.

Cloud Authentication and Poilcy (Classic Central) indeed supports Central provisioned certificates; Central NAC (New Central) supports in addition custom certificates as part of the Premium NAC License. Note that for Central NAC, configuration needs to be in New Central.

Dear Experts, 

One of the customer is planning for AOS 10 setup. They want to integrate with Azure AD and do authentication based on certificates that are issued internally by their firewall/server. Do we need Central NAC, and is it possible to use customer's own certificates for authentication of users and devices? so far what i have read, i think it may not be possible since cloud auth provisions its own certs?