Two-Factor Authentication (2FA/MFA) for ClearPass
Aruba ClearPass is a policy management platform that many businesses are implementing to effortlessly onboard new devices, grant varying access levels, and keep their networks secure. ClearPass allows you to safely connect business and personal devices to your network in compliance with your security policies. It allows you to grant full or limited access to devices based on users’ roles, device type, and cybersecurity posture.
Enable miniOrange MFA for External RADIUS Servers
- Primary authentication initiates when the user enters the credentials in order to access the application.
- An authentication request is sent to miniOrange by the application.
- Based on the authentication request miniOrange sends the RADIUS Request to the external RADIUS Server (in this case ClearPass) to validate the intial request.
- Once the user's first level of authentication gets validated, the RADIUS Server will then send RADIUS Response to miniOrange.
- Then, miniOrange asks for the 2-factor authentication challenge to the user.
- User submits the response/code based on the second factor method selected.
- The user response (or second factor) is validated in miniOrange.
- On successful 2nd factor authentication the user is granted access to the application.
What are different 2FA/MFA methods for ClearPass supported by miniOrange?
miniOrange provides 15+ 2FA/MFA authentication methods for ClearPass: OTP over SMS-Email, Push Notification, Software Token, Google / Microsoft Authenticator etc. You can opt for any of the 2FA methods to secure your ClearPass. To integrate 2FA, you can enable RADIUS authentication in ClearPass and configure policies in miniOrange to enable or disable 2FA for users.
Connect with any External Directories
miniOrange provides user authentication from various external directories such as miniOrange Directory, Microsoft AD, Microsoft Entra ID/LDAP, AWS Cognito and many more.
Can't find your Directory? Contact us on idpsupport@xecurify.com
Enable Two-Factor Authentication (2FA)/MFA for ClearPass as RADIUS Server to extend security level.
1. Add ClearPass as External RADIUS Server
- Login to miniOrange Admin Console.
- From the dashboard navigation select User Store >> Add User Store.
- Select User Store type as Radius.
- Enter your Server Name.
- Enter Server Host or Host IP Address.
- Enter Server Port.
- Enter Shared Secret.
- Click Save.
2. Configure 2FA for ClearPass
2.1: Enable 2FA for Users of ClearPass app
- To enable 2FA for Users of ClearPass application. Go to Policies >> App Authentication Policy
- Click on Edit against the application you have configured.
- Enable the Enable 2-Factor Authentication (MFA) option.
- Click on Save.
2.2: Configure 2FA for your Endusers
- To enable 2FA/MFA for ClearPass endusers, go to 2-Factor Authentication >> 2FA Options For EndUsers.
- Select default Two-Factor authentication method for end users. Also, you can select particular 2FA methods, which you want to show on the end users dashboard.
- Once Done with the settings, click on Save to configure your 2FA settings.
2.3: Enduser 2FA Setup
- Login to End-User Dashboard using end user login URL.
- For Cloud Version: The login URL (branding url) which you have set.
- For On-Premise version: The login URL will be the same as of Admin Login URL.
- Select Setup 2FA from left panel. Then select any of the 2FA method available.
- For now, we have selected the SMS >> OTP OVER SMS as our 2FA method. You can explore the guide to setup other 2FA methods here.
- Enable the OTP over SMS if you have your phone number added under your profile section else click on Edit button.
- Enter you Phone Number along with the necessary country code and click on the SAVE button.
