Manualshelf

Deployment Guide

ManualsBrandsDell ManualsComputer equipmentPowerconnect W-ClearPass Hardware Appliances
241242243244245246247248249250
248 | Creating a New Operator Dell Networking W-ClearPass Guest 6.0 | Deployment Guide
Creating a New Operator
To create a new operator or administrator for ClearPass Guest or AirGroup, some steps are performed in ClearPass
Policy Manager (CPPM), and some steps are performed in ClearPass Guest, as described below:
1. Create an operator profile in ClearPass Guest, or use an existing one. See "Operator Profiles " on page 242.
To create AirGroup users, choose either the AirGroup Administrator or AirGroup Operator profile, as appropriate.
These profiles are automatically included in ClearPass Guest when the AirGroup Services plugin is installed.
2. Create a CPPM role for the operator: In ClearPass Policy Manager (CPPM), go to Configuration > Identity >
Roles and create a role that matches the operator profile. Refer to the ClearPass Policy Manager documentation
for information on creating the role.
3. Create a local user for the operator: In CPPM, go to Configuration > Identity > Local Users. Select the CPPM
role defined for the user. Refer to the ClearPass Policy Manager documentation for information on creating the
local user.
4. Create a translation rule to map the CPPM role name to the ClearPass Guest operator profile: In ClearPass
Guest, go to Administration > Operator Logins > Translation Rules.
5. In the Translation Rules list, choose the profile, then click its Edit link.
6. Edit the fields appropriately to match the CPPM role name to the ClearPass Guest operator profile. See "LDAP
Translation Rules " on page 254.
7. Click Save Changes.
External Operator Authentication
Operators defined externally in your company’s directory server form the second type of operator. Authentication of
the operator is performed using LDAP directory server operations. The attributes stored for an authenticated
operator are used to determine what operator profile should be used for that user.
The Manage Operator Servers and the Translation Rules commands allow you to set up operator logins integrated
with a Microsoft Active Directory domain or another LDAP server.
NOTE: The operator management features, such as creating and editing operator logins, apply only to local operator logins
defined in ClearPass Guest. You cannot create or edit operator logins using LDAP. Only authentication is supported.