Hello there!

Need Help? We are right here!

miniOrange Email Support

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com

Two-Factor Authentication (2FA/MFA) for ClearPass

Aruba ClearPass is a policy management platform that many businesses are implementing to effortlessly onboard new devices, grant varying access levels, and keep their networks secure. ClearPass allows you to safely connect business and personal devices to your network in compliance with your security policies. It allows you to grant full or limited access to devices based on users’ roles, device type, and cybersecurity posture.

Enable miniOrange MFA for External RADIUS Servers

MFA 2FA two-factor authentication for ClearPass

  • Primary authentication initiates when the user enters the credentials in order to access the application.
  • An authentication request is sent to miniOrange by the application.
  • Based on the authentication request miniOrange sends the RADIUS Request to the external RADIUS Server (in this case ClearPass) to validate the intial request.
  • Once the user's first level of authentication gets validated, the RADIUS Server will then send RADIUS Response to miniOrange.
  • Then, miniOrange asks for the 2-factor authentication challenge to the user.
  • User submits the response/code based on the second factor method selected.
  • The user response (or second factor) is validated in miniOrange.
  • On successful 2nd factor authentication the user is granted access to the application.

What are different 2FA/MFA methods for ClearPass supported by miniOrange?

miniOrange provides 15+ 2FA/MFA authentication methods for ClearPass: OTP over SMS-Email, Push Notification, Software Token, Google / Microsoft Authenticator etc. You can opt for any of the 2FA methods to secure your ClearPass. To integrate 2FA, you can enable RADIUS authentication in ClearPass and configure policies in miniOrange to enable or disable 2FA for users.

Connect with any External Directories

miniOrange provides user authentication from various external directories such as miniOrange Directory, Microsoft AD, Azure Active Directory/LDAP, AWS Cognito and many more.

Can't find your Directory? Contact us on idpsupport@xecurify.com

Enable Two-Factor Authentication (2FA)/MFA for ClearPass as RADIUS Server to extend security level.

1. Add ClearPass as External RADIUS Server

  • Login to miniOrange Admin Console.
  • From the dashboard navigation select User Store >> Add User Store.
  • ClearPass Two-Factor Authentication 2FA

  • Select User Store type as Radius.
  • Enter your Server Name.
  • Enter Server Host or Host IP Address.
  • Enter Server Port.
  • Enter Shared Secret.
  • ClearPass Two-Factor Authentication 2FA

  • Click Save.

2. Configure Two-Factor Authentication 2FA for Admin Dashboard

  • From your miniOrange Dashboard in the left navigation bar, select 2- Factor Authentication, click on Configure 2FA.

  • Two factor-authentication for ClearPass | configure_2fa

  • Choose any 2FA method you want to configure.
  • Let's say you want to configure OTP over SMS
  • Click on OTP over SMS
  • Two factor-authentication for ClearPass  | otp_over_sms

    Two factor-authentication for ClearPass  | enter_phone_no

  • Now add your mobile number on which you want to receive the OTP.
  • Then click on Save.
  • Two factor-authentication for ClearPass  | save_phone_number

    Two factor-authentication for ClearPass  | otp_over_sms_active

  • Now as shown in the above image, OTP over SMS is your Active 2FA method.
  • Enable Prompt for second factor during signin to your console.
  • Then click on Save.
  • Two factor-authentication for ClearPass  | enable_2fa

  • To verify the configuration login again.
  • You will be asked for Username and password then it is redirected to below page:
  • Enter the OTP received on the phone and click on verify.
  • Two factor-authentication for ClearPass  |  2fa_otp_verification

  • If you are redirected to your dashboard, you have successfully configured OTP over SMS as your 2FA method.
  • Similarly you can configure rest of the 2FA methods for miniOrange dashboard. Click Here for the Guide

3. Configure Two-Factor Authentication 2FA for End-Users

  • Login into your End-User Dashboard using Active Directory Credentials.
  • Select Configure 2FA from left panel.
  • MFA/Two Factor Authentication(2FA) for ClearPass  Configure 2FA Panel

  • Browse through the Second factor options and choose an appropriate method to be used by the particular End-User during login.
  • In this guide, we have selected the method "OTP OVER SMS". You can explore the guide to setup other methods here.
  • MFA/Two Factor Authentication(2FA) for ClearPass Configure Second Factor(OTP over SMS)

  • Click on configure/reconfigure "OTP OVER SMS".
  • Enter you phone number along with the necessary country code and click on SAVE below. After the Phone details are saved successfully, click on the Save button on the top bar to set this as your 2FA method.
  • MFA/Two Factor Authentication(2FA) for ClearPass  Configure Second Factor-SMS(Enter Mobile Number)

  • To use a particular method of 2FA, we configure that method first and then select the method and click on SAVE.
  • Currently used method is denoted by green color.
  • MFA/Two Factor Authentication(2FA) for ClearPass Configuration done successfully

Our Other Identity & Access Management Products