You'll need to add an allow policy to the captive portal role.
Add an allow to the Alias for the DNS name. Make sure your controllers have a valid DNS server defined.
netdestination cloud-login_microsoftonline
  name login.microsoftonline.com
  name *.aadcdn.microsoftonline-p.com
!
Ref: ClearPass Clouds Services GitHub
https://github.com/aruba/clearpass-cloud-service-whitelists/blob/master/cloud-login/cloud-login_azure-active-directory.md
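The steps from this reply written out as an ArubaOS configuration sketch (an added example, not part of the original post or the referenced GitHub project). The ACL name `allow-azure-login` and the role name `guest-logon` are placeholders; substitute the pre-authentication role your captive portal profile actually uses. Session ACLs are evaluated first match wins, so the allow rule has to sit ahead of the captive portal redirect rule in the role.

```text
! Added example. "allow-azure-login" and "guest-logon" are placeholder names.
! The netdestination alias is the one defined in the reply above.
ip access-list session allow-azure-login
  user alias cloud-login_microsoftonline svc-https permit
!
! Attach the ACL to the pre-authentication (captive portal) role, ahead of
! the captive portal redirect ACL so HTTPS to the login hosts is not intercepted.
user-role guest-logon
  access-list session allow-azure-login position 1
!
```

Because only the listed names are permitted, any login-page host that is not in the alias is still redirected by the portal, and the browser reports that as an HSTS or certificate error.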
Original Message:
Sent: Jun 25, 2023 04:19 AM
From: aniqzumarziyad
Subject: Whitelist Microsoft Azure on a Mobility Controller
Hi All,
I am doing a POC (Proof-of-Concept) for a customer where I onboard devices with Azure AD via SAML. I am encountering an HSTS browser error when I want to redirect the user from the guest SSID to the Microsoft Login Page. I know that we need to do preauth roles and insert an ACL to whitelist and allow the user to be redirected to the login page, but I cannot find a method to do that on a controller.
Kindly refer to the attachment below for the pictures of my configuration.