Users Guide

184 | Identity Dell Networking W-ClearPass Policy Manager 6.3 |User Guide
other database); by way of an example of such a class of users, guest or contractor records can be stored in the local
user repository.
To authenticate local users from a particular Service, include [Local User Repository] among the Authentication
Sources.
The Single Sign-On page allows you to enable access for Insight, Guest, and/or Policy Manager using a trusted IdP
certificate.
The Local Users page configures role-based access for individual users.
The Endpoints page lists the endpoints that have authenticated requests to Policy Manager. These entries are
automatically populated from the 802.1X, MAC-based, and Web authentications processed by Policy
Manager. You can modify these entries further to add tags or to set known/unknown and disabled status.
A Static Host List comprises a list of MAC and IP addresses. These can be used as whitelists or blacklists to control
access to the network.
For more information, see:
• "Configuring Single Sign-On" on page 184
• "Adding and Modifying Local Users" on page 185
• "Adding and Modifying Endpoints" on page 187
• "Adding and Modifying Static Host Lists" on page 189
Configuring Single Sign-On
Single Sign-On (SSO) allows ClearPass users to access the Policy Manager, Guest, and Insight applications without
re-authenticating after they have signed in to one of the applications. ClearPass provides SSO support through Security
Assertion Markup Language (SAML). ClearPass allows you to create trusted relationships between Service
Providers (SPs) and Identity Providers (IdPs).
Perform the following steps to configure and enable SSO.
1. Go to Configuration > Identity > Single Sign-On.
2. The Service SAMLSP Configuration tab, enter the IdP (Identity Provider) Single sign-on URL.
3. In the Enable SSO for section, select the checkbox for the application(s) you want users to access with single sign-
on.
4. If you want to do a certificate comparison, select the IdP Certificate to use. For example, the image below uses a
trusted EMAILADDRESS certificate.
The list of IdP Certificates includes all of those that are enabled on the Administration > Certificates > Trust List page.
Refer to "Certificate Trust List" on page 401 for more information.
5. Navigate to the SAML IdP Configuration tab.
6. To download IdP metadata for a specific IdP, enter the name of the IdP portal and then click the Download button.
7. To configure an SAMLservice provider, click the Add SP metadata button.
8. Specify the name of the service provider, and then browse to locate the metadata file.
9. Click Save.