Users Guide

192 | Identity | Dell Networking W-ClearPass Policy Manager 6.4 | User Guide
Configuring Single Sign-On, Local Users, Endpoints, and Static Host Lists
The internal Policy Manager database ([Local User Repository], [Guest User Repository]) stores user records for
any class of users that is not present in a central user repository (for example, neither in Active Directory nor
in another database). Guest or contractor records, for example, can be stored in the local user repository.
To authenticate local users from a particular service, include [Local User Repository] among the Authentication
Sources.
The Single Sign-On page allows you to enable access for Insight, Guest, and/or Policy Manager using a trusted
IdP certificate. The Local Users page configures role-based access for individual users. The Endpoints page
lists the endpoints that have authenticated requests to Policy Manager. These entries are automatically
populated from the 802.1X, MAC-based, and Web authentications processed by Policy Manager. They can
be further modified to add tags or to set known/unknown and disabled status. A Static Host List comprises a list of
MAC and IP addresses. These lists can be used as whitelists or blacklists to control access to the network. For more
information, see:
- Configuring Single Sign-On on page 192
- Adding and Modifying Local Users on page 193
- Adding and Modifying Endpoints on page 195
- Adding and Modifying Static Host Lists on page 200
Configuring Single Sign-On
Single Sign-On (SSO) allows ClearPass users to access the Policy Manager, Guest, and Insight applications
without re-authenticating after they have signed in to one of the applications. ClearPass provides SSO support
through Security Assertion Markup Language (SAML). ClearPass allows you to create trusted relationships
between a Service Provider (SP) and an Identity Provider (IdP).
Perform the following steps to configure and enable SSO.
1. Go to Configuration > Identity > Single Sign-On.
2. On the Service SAML SP Configuration tab, enter the IdP Single sign-on URL.
3. In the Enable SSO for section, select the checkbox for the application(s) you want users to access with
single sign-on.
4. To do a certificate comparison, select the IdP Certificate from the Select Certificate drop-down list. For
example, the image below uses a trusted EMAILADDRESS certificate.
The list of IdP Certificates includes all of those that are enabled on the Administration > Certificates > Trust List
page. Refer to Certificate Trust List on page 447 for more information.
5. Navigate to the SAML IdP Configuration tab.
6. To download IdP metadata for a specific IdP, enter the name of the IdP portal and then click the Download
button.
7. To configure an SAMLservice provider, click the Add SP metadata button.
8. Specify the name of the service provider, browse to locate the metadata file, and click Upload.
9. Click Save.