
Azure AD Auth Source

  • 1.  Azure AD Auth Source

    Posted Jan 27, 2023 05:21 AM
    Hi everybody,

    With the ClearPass 6.11.x release, ClearPass now supports Azure as an authentication source. The User Guide says:

    For ClearPass to access user details from Azure, a ClearPass administrator needs to create an application and register it. Once registered, obtain Tenant ID and Client ID details from the application's Overview page. The application also requires certain permissions in order for ClearPass to integrate smoothly.

    Has anyone already created the application in Azure and can tell me where I can find documentation on which config is needed in the application?


  • 2.  RE: Azure AD Auth Source

    Posted Jan 27, 2023 08:38 AM
    Quite sure there is documentation around creating the Azure AD application, but can't find it quickly... Here are the permissions that I use:
    Get the Tenant ID (3d... in the screenshot) and Client ID (1d...) from the App Registration page:
    And the client secret under Certificates & secrets.

    If someone found the page for the documentation, please post here.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Azure AD Auth Source

    Posted Feb 02, 2023 07:30 AM
    Hello Herman,

    thx for your reply.

    I've created the App via the App Registration, and configured the permissions like you mentioned.
    Then I've added a new Authentication Source in ClearPass using the Tenant Id, Client Id and Client Secret. Test Connection stated "Connection Successful".

    Then in one service (Wireless 802.1X) I've replaced the AD-Authentication-Source with the AzureAD-Auth-Source.
    If I now try to connect my client to the Wifi, using this Service, I can't connect. In ClearPass I can't see any entry in the Access Tracker, nor the Event Viewer.
    Strange behaviour: if I now try to log in to a switch, which has ClearPass configured as radius-host, I can't log in anymore. In ClearPass I don't see any entry in the Access Tracker. I haven't changed anything in the service, which is responsible for the Switch login....


  • 4.  RE: Azure AD Auth Source

    Posted Feb 06, 2023 06:01 AM
    The AzureAD Auth Source should be added as Authorization only, it cannot be used for authentication.

    How are your clients configured for authentication? They typically are managed by Intune to get them provisioned with a client certificate and the proper supplicant configuration. Note that password authentication (PEAP) is not supported to Azure AD. Check here a typical setup of ClearPass with Azure AD & Intune:


    ------------------------------
    Herman Robers
    ------------------------------



  • 5.  RE: Azure AD Auth Source

    Posted Feb 16, 2023 10:50 AM

    Hello Herman,

    my mistake. I added the Azure AD Source to Authorization, and everything works fine now.

    Thx for your reply!

    Kind regards

    Matthias 




  • 6.  RE: Azure AD Auth Source

    Posted Feb 27, 2023 02:04 AM

    Hi All,

    Could you please provide a link for Azure AD as an authorization source?

    Thanks




  • 7.  RE: Azure AD Auth Source

    Posted Feb 27, 2023 03:44 AM
    Please check the following page.
    https://www.arubanetworks.com/techdocs/ClearPass/6.11/PolicyManager/Content/CPPM_UserGuide/Auth/AuthSource_Azure.htm
    Below a screenshot of one of my role mappings.


    ------------------------------
    William Bargeman
    Systems Engineer Aruba
    ------------------------------



  • 8.  RE: Azure AD Auth Source

    Posted Mar 11, 2025 12:21 PM
    Edited by fjulianom Mar 13, 2025 03:11 AM

    Hi community,

    It has been a long time since this post. I have problems with Azure AD and ClearPass integration. Do I need to install the Intune extension in ClearPass? This guide says nothing about the extension, but this video does. What do you say? Thanks in advance.



    ------------------------------
    Regards,
    Julian
    ------------------------------



  • 9.  RE: Azure AD Auth Source

    Posted Mar 11, 2025 12:45 PM

    Hi Julián,

    There are two integration types:

    • Entra ID (Azure AD); this is used to fetch user/computer authorization information from Entra. This is built in natively in ClearPass and no extension is needed. Supported since 6.11 and enhanced in the 6.12 release.
    • Intune extension; Intune integration can be used to fetch computer information from Intune to do additional authorization checks. For example, check the compliance state in Intune. Another example is to check if the computer exists in Intune. For this an extension needs to be installed. Please check this document.

    Both can be used at the same time but there is no relation/dependency between these two integrations with ClearPass.



    ------------------------------
    Willem Bargeman
    Systems Engineer Aruba
    ACEX #125
    ------------------------------



  • 10.  RE: Azure AD Auth Source

    Posted Mar 11, 2025 02:27 PM
    Edited by fjulianom Mar 13, 2025 03:12 AM

    Hi Willem,

    Thanks for your fast reply. One more doubt. How can I test that my ClearPass can fetch attributes from, or can communicate with, the Azure AD authentication source I have just configured? Or is there any test to see that my Authentication source configuration on ClearPass and the Azure App for ClearPass on Azure AD are both correct?



    ------------------------------
    Regards,
    Julian
    ------------------------------



  • 11.  RE: Azure AD Auth Source

    Posted Mar 12, 2025 01:43 PM

    There is a test connection button in the Auth source.

    Whether the attributes are being received can be seen in the Access Tracker after an authentication attempt.



    ------------------------------
    Willem Bargeman
    Systems Engineer Aruba
    ACEX #125
    ------------------------------



  • 12.  RE: Azure AD Auth Source

    Posted Mar 13, 2025 03:11 AM

    Many thanks!



    ------------------------------
    Regards,
    Julian
    ------------------------------



  • 13.  RE: Azure AD Auth Source

    Posted Sep 14, 2025 07:41 AM

    Hi Willem,

    Hope you are doing well. I have a few queries.

    1. Is there a document/URL available which shows which URLs need to be allowed for communication between ClearPass & Azure AD, and also ClearPass & Intune?

    2. Can we use Azure AD as Authorization Source and then posture using OnGuard? Or do we need to use Intune as Authentication Source with EAP-TLS first?

    -------------------------------------------



  • 14.  RE: Azure AD Auth Source

    Posted Sep 14, 2025 07:41 AM

    Hi Willem,

    Thanks for your explanation.

    I have a few queries regarding the same.

    1. Is there a document which gives the URL details that need to be allowed for communication between ClearPass & Azure AD (Entra ID), and also ClearPass & Intune?

    2. Can we use authorization via Azure AD, EAP-TLS and then posture check using OnGuard, or do we require Intune to be integrated with CPPM to use as authentication source?

    -------------------------------------------



  • 15.  RE: Azure AD Auth Source

    Posted Sep 16, 2025 02:56 AM
    1. I can't find a complete list of URLs that are used.
    2. You can use the Posture check but Intune is not the source for the Posture check. I would recommend using Intune as an Authorization source and fetching data from there instead of using the posture agent. EntraID and Intune are never an Authentication source. Authentication is done based on EAP-TLS/EAP-TEAP and Authorization is done against Intune + Entra.


    ------------------------------
    Willem Bargeman
    Systems Engineer Aruba
    ACEX #125
    ------------------------------



  • 16.  RE: Azure AD Auth Source

    Posted Sep 17, 2025 01:21 PM

    Hi Willem,

    Thank you for your reply. A few queries on your response.

    1. If we are using EntraID as authorization source, and in the Authentication tab of the service we use method EAP-TLS, what will be the Authentication Source?

    2. Also, can we use only EntraID as authorization source, or is Intune also compulsory?

    -------------------------------------------



  • 17.  RE: Azure AD Auth Source

    Posted Sep 18, 2025 04:17 AM
    1. The authentication source is optional. Even if it is configured it's not really used. The authentication is certificate validation.
    2. It's fine to only use EntraID. Or only Intune, or both at the same time. It really depends on the requirements.


    ------------------------------
    Willem Bargeman
    Systems Engineer Aruba
    ACEX #125
    ------------------------------



  • 18.  RE: Azure AD Auth Source

    Posted Feb 28, 2023 04:25 PM

    In your Azure Application screenshot, where does the Application ID URI come from?



    ------------------------------
    Bruce Osborne ACCP ACMP
    Liberty University

    The views expressed here are my personal views and not those of my employer
    ------------------------------



  • 19.  RE: Azure AD Auth Source

    Posted Mar 01, 2023 03:28 AM

    Application ID URI is not needed when you use Azure AD as an authorization source. Application ID is only needed if you use AAD for SAML authentication within ClearPass.



    ------------------------------
    Willem Bargeman
    ------------------------------