  • 1.  CPPM Device Registration

    Posted May 12, 2020 02:51 PM

    We are looking for a way to register all devices on our wireless networks, both open and 802.1x, before they can connect. If the user registering is a member of our Active Directory, we would like fname, lname and employee/student registered and maintained in the CPPM endpoint database. After that they connect as they normally do.

     

    If they are not a member of our Active Directory, we would like to auth against Facebook, Gmail or some other service.

     

    Is this possible using CPPM?



  • 2.  RE: CPPM Device Registration

    Posted May 12, 2020 03:50 PM

    Hi,

     

    I think you can do it technically, but I am not sure if you really want to do that, as it will not be user-friendly and you might get a lot of support tickets, in my opinion.

     

    You can create an open wireless network with a captive portal page on ClearPass. On this guest portal, the user can log in via any social media option that you want (Facebook, Gmail, etc.). On the same page, you can optionally add a link ("If you are a corporate user, click here to register your device") which points them to the device registration page on ClearPass. Actually, if you use ClearPass Onboard, you will also be able to provision the device securely as such.

     

    In parallel, you configure your 802.1x policy to check if the device is registered and passes authentication to grant them access. If it only passes authentication (but it is not registered), you can assign them a role that asks them to register their devices, or block their access (not user-friendly).



  • 3.  RE: CPPM Device Registration

    Posted May 13, 2020 08:53 AM

    I know acceptance is going to be an issue; I plan on setting up an isolated area as a proof of concept first. I was hoping to find a sample config someplace before doing a deep dive into the CPPM manuals.