Aruba ClearPass is a policy management platform that many businesses are implementing to effortlessly onboard new devices, grant varying access levels, and keep their networks secure. ClearPass allows you to safely connect business and personal devices to your network in compliance with your security policies. It allows you to grant full or limited access to devices based on users’ roles, device type, and cybersecurity posture.
Enable miniOrange MFA for External RADIUS Servers
Primary authentication initiates when the user enters the credentials in order to access the application.
An authentication request is sent to miniOrange by the application.
Based on the authentication request miniOrange sends the RADIUS Request to the external RADIUS Server (in this case ClearPass) to validate the intial request.
Once the user's first level of authentication gets validated, the RADIUS Server will then send RADIUS Response to miniOrange.
Then, miniOrange asks for the 2-factor authentication challenge to the user.
User submits the response/code based on the second factor method selected.
The user response (or second factor) is validated in miniOrange.
On successful 2nd factor authentication the user is granted access to the application.
What are different 2FA/MFA methods for ClearPass supported by miniOrange?
miniOrange provides 15+ 2FA/MFA authentication methods for ClearPass: OTP over SMS-Email, Push Notification, Software Token, Google / Microsoft Authenticator etc. You can opt for any of the 2FA methods to secure your ClearPass. To integrate 2FA, you can enable RADIUS authentication in ClearPass and configure policies in miniOrange to enable or disable 2FA for users.
Connect with any External Directories
miniOrange provides user authentication from various external directories such as miniOrange Directory, Microsoft AD, Azure Active Directory/LDAP, AWS Cognito and many more.
From the dashboard navigation select User Store >> Add User Store.
Select User Store type as Radius.
Enter your Server Name.
Enter Server Host or Host IP Address.
Enter Server Port.
Enter Shared Secret.
2. Configure Two-Factor Authentication 2FA for Admin Dashboard
From your miniOrange Dashboard in the left navigation bar, select 2- Factor Authentication, click on Configure 2FA.
Choose any 2FA method you want to configure.
Let's say you want to configure OTP over SMS
Click on OTP over SMS
Now add your mobile number on which you want to receive the OTP.
Then click on Save.
Now as shown in the above image, OTP over SMS is your Active 2FA method.
Enable Prompt for second factor during signin to your console.
Then click on Save.
To verify the configuration login again.
You will be asked for Username and password then it is redirected to below page:
Enter the OTP received on the phone and click on verify.
If you are redirected to your dashboard, you have successfully configured OTP over SMS as your 2FA method.
Similarly you can configure rest of the 2FA methods for miniOrange dashboard. Click Here for the Guide
3. Configure Two-Factor Authentication 2FA for End-Users
Login into your End-User Dashboard using Active Directory Credentials.
Select Configure 2FA from left panel.
Browse through the Second factor options and choose an appropriate method to be used by the particular End-User during login.
In this guide, we have selected the method "OTP OVER SMS". You can explore the guide to setup other methods here.
Click on configure/reconfigure "OTP OVER SMS".
Enter you phone number along with the necessary country code and click on SAVE below. After the Phone details are saved successfully, click on the Save button on the top bar to set this as your 2FA method.
To use a particular method of 2FA, we configure that method first and then select the method and click on SAVE.