  • 1.  Clearpass Policy Manager GUI - 2FA options

    Posted Oct 31, 2025 10:28 AM

    Hi Airheads,

    I've been tasked with looking into implementing MFA for ClearPass Policy Manager admin GUI access - before I go down the rabbit hole I wondered if anyone else has successfully implemented such a thing and can point me in the correct direction or has any recommendations.

    The client is currently using local admin accounts configured locally on the cluster but does have an AD link for some user auth services. 

    They do also have an NPS server configured with the Entra ID extension; however, not sure this will work as GUI access is controlled using TACACS and not RADIUS?

    Thanks in advance!



    -------------------------------------------


  • 2.  RE: Clearpass Policy Manager GUI - 2FA options

    Posted Nov 03, 2025 01:33 PM

    Hi,

    We built out native CPPM SSO using this: Configuring Single Sign-On
    And tied into Azure Enterprise APP using:
    Enable SAML single sign-on for an enterprise application - Microsoft Entra ID | Microsoft Learn

    -------------------------------------------



  • 3.  RE: Clearpass Policy Manager GUI - 2FA options

    Posted Nov 04, 2025 03:38 AM

    I have implemented SAML authentication with Microsoft ADFS as IdP as well as utilized ClearPass as IdP for smart card based certificate logon.

    Customers I have worked with have also implemented SAML authentication with different IdPs. One customer has chosen to use the Swedish BankID authentication as they already had the BankID IdP ready and just needed to do the SAML configuration. This method allows the administrators to perform MFA by scanning a QR code on the login page, and authenticate in the app on their mobile phone. The IdP sends the internal username as an attribute ClearPass can search in AD for authorization.



    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP Guru, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------



  • 4.  RE: Clearpass Policy Manager GUI - 2FA options

    Posted Nov 04, 2025 06:38 AM

    3rd vote for SAML. SAML everywhere you can. RADIUS/TACACS+ where you must.

    -------------------------------------------