UXI Sensor Authentication on SSID with Cloud Auth (Entra ID) and WPA3-Enterprise via Aruba Central

  • 1.  UXI Sensor Authentication on SSID with Cloud Auth (Entra ID) and WPA3-Enterprise via Aruba Central

    Posted Apr 23, 2026 05:03 PM

    Hi everyone,

    I'm looking for some guidance on the best practices for authenticating UXI sensors in a specific environment. Here is my current infrastructure:

    • Hardware: Aruba AP-635s and 9106 Gateways.

    • Management: Aruba Central (AOS 10).

    • SSID Configuration: WPA3-Enterprise.

    • Authentication: Integrated with Microsoft Entra ID using the Aruba Central API (Cloud Auth).

    • Segmentation: Dynamic VLANs assigned via User Roles.

    The Issue: I need to deploy UXI sensors to monitor this specific SSID. Since these sensors are not "standard" clients with interactive login capabilities, I am unsure how to properly handle their authentication against Entra ID through the Central API.

    My specific questions are:

    1. What is the recommended method for a UXI sensor to authenticate on an SSID that relies on Cloud Auth?

    2. Do I need to create a dedicated service account in Entra ID for the sensors, or is there a way to bypass interactive authentication through the UXI Dashboard onboarding process?

    3. How should I handle Role assignment to ensure the sensor is placed into the correct management VLAN?

    Any documentation or advice on the authentication flow for UXI in a "Full-Cloud" architecture with AOS 10 would be greatly appreciated.

    Thanks in advance!



    ------------------------------
    Francisco Pinto
    francisco.pinto@novatec-corp.com
    ------------------------------


  • 2.  RE: UXI Sensor Authentication on SSID with Cloud Auth (Entra ID) and WPA3-Enterprise via Aruba Central

    Posted Apr 28, 2026 10:46 AM

    I documented an option to generate/get the Passpoint profile for Android, and extract the info from there.

    And for that, yes, you would need an Entra ID account, as it's used for authorization; and the role mapping is typically done by Entra ID group (optionally the device type as well).

    For authentication of arbitrary devices, you would use the BYOC (Bring your own Certificate) feature in the Central NAC Pro license; but that doesn't really test the Entra ID integration, which the described option does including role mapping.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: UXI Sensor Authentication on SSID with Cloud Auth (Entra ID) and WPA3-Enterprise via Aruba Central

    Posted Apr 30, 2026 11:49 AM

    Thank you for your contribution. I'm afraid this option has been disabled by Aruba. You can no longer install the certificate without the onboard app. Additionally, the DPP is not active either. Do you have any other way to register the UXI on the network?



    ------------------------------
    Francisco Pinto
    francisco.pinto@novatec-corp.com
    ------------------------------