IAM and Aruba ClearPass SSO Sync 100

andrianus_eko Lv1Posted 02 Feb 2019 22:51

Currently, our client are use Aruba ClearPass for device authentication that connect into network. For authentication, ClearPass use .1x and sync into Active Directory. Our client want to try IAM to get better and deeper bandwidth management and reporting.
My problem is IAM could only get IP based username instead of AD users. I tried to sync IAM with AD but has no effect at all.
Can anyone suggest what type of sync that could be used to sync between ClearPass and IAM?

Thank you

Muhammad Talha has solved this question and earned 120 coins.

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins, 100 coins of bounty and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

Hi Dear,

Sorry I was busy, Yes I am sure IAM can sync with Aruba ClearPass, From Monday onwards are CTI will be back so you can try with the help of our Sangfor technical engineer. If it is urgent you can open a support case and I am sure someone will help you remotely to configure Aruba Clear Pass server.
Is this answer helpful?
Muhammad Talha Lv3Posted 03 Feb 2019 06:03
  
Last edited by Muhammad Talha 03 Feb 2019 06:08.

Hi Dear,

You can easily sync your AD domain accounts to IAM. I have attached some pictures for reference and a link for guide how to configure AD with you IAM. Hope this will help you out.
After you successfully configure, you can authenticate your users with Domain name instead of IP address.
Beside this there are several other ways also to authenticate that includes MAC address and hostname also.
Thanks.

Link : http://community.sangfor.com/plu ... iewdatabase&tid=881
AD1.png
AD2.png
AD3.png
andrianus_eko Lv1Posted 04 Feb 2019 10:26
  
Dear Talha,

Thank you for your reply.
I've tried to used that method, but IAM still can't display the username. Maybe it's because authentication took place in ClearPass, so ClearPass is the only one knows the binding between user and IP.
Currently I try to use Enable API for SSO using HTTP request as shown below. Can you give me some advice to implement this method into Aruba ClearPass?

613095c579f8425d2b.png
andrianus_eko Lv1Posted 06 Feb 2019 16:34
  
Hi,

Can anyone give any suggestion?

Thank you
Muhammad Talha Lv3Posted 06 Feb 2019 20:33
  
Hi,

can you please let me know that your users successfully authenticated with IAM, only your issue is it's not showing username ?
andrianus_eko Lv1Posted 07 Feb 2019 19:32
  
Hi Talha,

Thank you for replying.
By the way, maybe I get you wrong for explaining. Here is the simple topology that I made.
Problems.png
Currently, devices are doing authentication into Aruba ClearPass with 802.1x protocol. And as NAC, ClearPass get the credentials from AD server. And the problem is the user are not want to authenticate the access into Sangfor IAM and they still want to use ClearPass NAC for device to authenticate the connection.
And as far as I know, IAM are using javascript functions for 3rd Party SSO Server. And IAM are listening for HTTP request for login and logout that send by 3rd party server. But ClearPass are only capable to send the information with JSON and REST API method.
andrianus_eko Lv1Posted 09 Feb 2019 22:37
  
So, I will make it simple. Can Sangfor IAM sync with Aruba ClearPass?
Muhammad Talha Lv3Posted 10 Feb 2019 03:24
  
Hi Dear,

Sorry I was busy, Yes I am sure IAM can sync with Aruba ClearPass, From Monday onwards are CTI will be back so you can try with the help of our Sangfor technical engineer. If it is urgent you can open a support case and I am sure someone will help you remotely to configure Aruba Clear Pass server.
andrianus_eko Lv1Posted 10 Feb 2019 12:35
  
Hi Talha,

Thank you very much for your reply. I do hope that this problem could solve ASAP. And I happy to help if there any CTI engineer need remote session to configure it.
Darrel_IAM Lv2Posted 12 Feb 2019 09:51
  
Hi Andrianus:
        Sangfor IAM support RestAPI on high version (>12.0.13), you may check the “system" - "general" - "advance" - " Public API".
        Wish it work for u .

I Can Help:

Change

Moderator on This Board

11
54
1

Started Topics

Followers

Follow

15
21
3

Started Topics

Followers

Follow

Board Leaders