Security

Hi

I have a few customers with ClearPass Guest sponsor lookup configured and the on-prem AD is the LDAP source for the sponsor search.

Now the customers are planning to decommission the on-prem Active Directory, and thus the sponsor lookup will stop working as Entra ID isn't an LDAP directory. Is it possible to tell the customer to configure Microsoft Entra Domain Services (AD DS) and utilize this service as the LDAP directory for the sponsor lookup?

Have anyone tried it and are there any caveats?

Hi,

We are doing this using SSO. It is much better and works fine! The user types in the URL and gets an Azure authentication window. He authenticates and then is directed to Guest page.

You have to create an Enterprise Application in Azure and use SAML.

Application type: Non-Gallery Application
Mode: SAML based Sign on

In the CP Login service you map the logged in user to a role and then  in ClearPass Guest you need to create an Operator Translation Rule for that role.

Best Regards

Istvan

Hi

I have a few customers with ClearPass Guest sponsor lookup configured and the on-prem AD is the LDAP source for the sponsor search.

Now the customers are planning to decommission the on-prem Active Directory, and thus the sponsor lookup will stop working as Entra ID isn't an LDAP directory. Is it possible to tell the customer to configure Microsoft Entra Domain Services (AD DS) and utilize this service as the LDAP directory for the sponsor lookup?

Have anyone tried it and are there any caveats?

Hi @Istvan Hegedus

I'm not sure if we are talking about the same thing here. I'm taking about the search function you can enable on a guest self registration page where the guest can start type the name of the person in the company they are visiting and the form will search for matches in the LDAP directory.

I think you refer to the sponsor login for approval.

Hi,

We are doing this using SSO. It is much better and works fine! The user types in the URL and gets an Azure authentication window. He authenticates and then is directed to Guest page.

You have to create an Enterprise Application in Azure and use SAML.

Application type: Non-Gallery Application
Mode: SAML based Sign on

In the CP Login service you map the logged in user to a role and then  in ClearPass Guest you need to create an Operator Translation Rule for that role.

Best Regards

Istvan

Hi

I have a few customers with ClearPass Guest sponsor lookup configured and the on-prem AD is the LDAP source for the sponsor search.

Now the customers are planning to decommission the on-prem Active Directory, and thus the sponsor lookup will stop working as Entra ID isn't an LDAP directory. Is it possible to tell the customer to configure Microsoft Entra Domain Services (AD DS) and utilize this service as the LDAP directory for the sponsor lookup?

Have anyone tried it and are there any caveats?