Deployment Guide

304 | Operator Logins | Dell Networking W-ClearPass Guest 6.1 | Deployment Guide
Creating a New Operator
To create a new operator or administrator for ClearPass Guest or AirGroup, some steps are performed in ClearPass
Policy Manager (CPPM), and some steps are performed in ClearPass Guest, as described below:
1. Create an operator profile in ClearPass Guest, or use an existing one. See "Operator Profiles" on page 298.
   • To create an AirGroup user, choose either the AirGroup Administrator or AirGroup Operator profile, as
     appropriate. These profiles are automatically included in ClearPass Guest when the AirGroup Services plugin
     is installed.
   • MACTrac users are created entirely in CPPM.
2. Create a CPPM role for the operator: In CPPM, go to Configuration > Identity > Roles and create a role that
matches the operator profile. Refer to the ClearPass Policy Manager documentation for information on creating
the role.
   • When creating AirGroup users or MACTrac users, the appropriate roles are already created in CPPM.
3. Create a local user for the operator: In CPPM, go to Configuration > Identity > Local Users and click Add
User. In the Add Local User form, complete the fields and choose the appropriate role from the Role drop-down
list.
   • To create an AirGroup user, choose either the AirGroup Administrator or AirGroup Operator role, as
     appropriate.
   • To create a MACTrac user, choose the MACTrac Operator role. This form completes MACTrac user
     creation; the following steps are not required.
4. Create a translation rule to map the CPPM role name to the ClearPass Guest operator profile: In ClearPass
Guest, go to Administration > Operator Logins > Translation Rules.
5. In the Translation Rules list, choose the profile, then click its Edit link.
6. Edit the fields appropriately to match the CPPM role name to the ClearPass Guest operator profile. See "LDAP
Translation Rules" on page 310.
7. Click Save Changes.
External Operator Authentication
Operators defined externally in your company’s directory server form the second type of operator. The operator is
authenticated using LDAP directory server operations. The attributes stored for an authenticated
operator are used to determine which operator profile should be used for that user.
The Manage Operator Servers and the Translation Rules commands allow you to set up operator logins integrated
with a Microsoft Active Directory domain or another LDAP server.