ClearPass Policy Manager Platform
QuickSpecs
Aruba ClearPass Policy Manager Platform
Overview
• Guest access with extensive customization, branding and sponsor-based approvals.
• Supports NAC and EMM/MDM integration for mobile device assessments.
• Comprehensive integration with the Aruba 360 Security Exchange Program.
• Single sign-on (SSO) support works with Ping, Okta and other identity management tools to improve the user experience for SAML 2.0-based applications.
• Advanced reporting and granular alerts
• Active and passive device fingerprinting
• Support for popular virtualization platforms such as VMware vSphere Hypervisor (ESXi), Microsoft Hyper-V, CentOS KVM & Amazon EC2.
The ClearPass Difference
ClearPass is the only policy platform that centrally enforces all aspects of enterprise-grade access security for any industry.
Granular policy enforcement is based on a user's role, device type and role, authentication method, EMM/MDM attributes, device health, traffic patterns, location, and time-of-day.
ClearPass offers extensive multi-vendor wireless, wired and VPN infrastructure support, which enables IT to easily roll out secure mobility policies across any environment.
Deployment scalability supports tens of thousands of devices and authentications which surpasses the capabilities offered by legacy AAA solutions. Options exist for small to large organizations, from centralized to distributed environments.
Advanced Policy Management
Enforcement and visibility for wired and wireless
With ClearPass, organizations can deploy wired or wireless using standards-based 802.1X enforcement for secure authentication. ClearPass also supports MAC address authentication for IoT and headless devices that may lack support for 802.1X. For wired environments where RADIUS-based authentication cannot be deployed, OnConnect offers an alternative using SNMP-based enforcement.
Authentication methods can be used to concurrently support a variety of use-cases. It also includes support for multi-factor authentication based on log-in times, posture checks, and other context such as new user, new device, and more.
Attributes from multiple identity stores such as Microsoft Active Directory, LDAP-compliant directory, ODBC-compliant SQL database, token servers and internal databases across domains can be used within a single policy for fine-grained control.
Contextual data from these profiled devices allows IT to define which devices can access the wired, VPN, or wireless network. Device profile changes are dynamically used to modify authorization privileges. For example, if a Windows laptop appears as a printer, ClearPass policies can automatically revoke or deny access.
Secure device configuration
ClearPass Onboard provides automated provisioning of any Windows, macOS, iOS, Android, Chromebook, and Ubuntu devices via a user-driven, self-guided portal. Network details, security settings and unique device identity certificates are automatically configured on authorized devices. Cloud identity services like Microsoft Azure Active Directory, Google G Suite and Okta can also be leveraged as identity providers with Onboard for secure certificate enrollment.
Device health checks
ClearPass OnGuard leverages persistent and dissolvable agents to perform advanced endpoint posture assessments over wireless, wired and VPN connections. OnGuard's health-check capabilities ensure compliance and network safeguards before devices connect.
Customizable Visitor Management
ClearPass Guest simplifies visitor workflow processes to enable employees, receptionists, and other non-IT staff to create temporary guest accounts for secure wireless and wired access. Highly customizable, mobile-friendly portals provide easy-to-use login processes that include self-registration, sponsor approval, and bulk credential creation to support any visitor needs: enterprise, retail, education, large public venue. Credentials can be delivered by SMS, email, printed badges, or input directly through cloud identity providers such as Facebook or Twitter.
Built-in support for commercial-oriented guest Wi-Fi hotspots with credit card billing and 3rd-party advertising-driven workflows makes it simple to integrate into a wide variety of environments.