Deployment Guide

86 | Onboard + WorkSpace Dell Networking W-ClearPass Guest 6.3 | User Guide
1. Pre-provisioning. The enterprise’s root certificate is installed on the iOS device.
2. Provisioning. The user is authenticated at the device provisioning page and then provisions their device with the
Onboard server. The device is configured with appropriate network settings and a device-specific certificate.
3. Authentication. Once configuration is complete, the user switches to the secure network and is authenticated using
an EAP-TLS client certificate.
Figure 15 is a sequence diagram of the interactions between the components of this workflow.
Figure 15 Sequence Diagram for the Onboard Workflow on iOS Platform
1. When a BYOD device first joins the provisioning network, it does not have a set of unique device credentials. This
triggers the captive portal for that device, which brings the user to the mobile device provisioning page.
2. A link on the mobile device provisioning page prompts the user to install the enterprise’s root certificate. Installing
the enterprise’s root certificate enables the user to establish the authenticity of the provisioning server during device
provisioning.
3. The user then authenticates with their provisioning credentials; these are typically the user’s enterprise credentials
from Active Directory. If the user is authorized to provision a mobile device, the over-the-air provisioning
workflow is then triggered (see Figure 16, below).
4. After provisioning has completed, the device switches to EAP-TLS authentication using the newly provisioned
client certificate. Mutual authentication is performed (the authentication server verifies the client certificate, and the
client verifies the authentication server’s certificate).
5. The device is now onboard and is able to securely access the provisioned network.
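The certificate checks behind step 4, as an added example that is not part of this guide and does not show how the Onboard server itself issues certificates. It builds a throwaway lab PKI with the openssl CLI and runs both directions of the mutual check plus two cases that must fail; the names enterprise-root, other-root, radius-server, device-0001 and rogue-server are constructed for illustration.

```bash
#!/usr/bin/env bash
# Constructed lab PKI; every name below is made up for this illustration.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT   # the directory holds private keys, remove it on exit
# Minimal request config so the result does not depend on the system openssl.cnf.
printf '[req]\ndistinguished_name=dn\n[dn]\n[v3_root]\nbasicConstraints=critical,CA:TRUE\n' \
  > "$WORK/req.cnf"

# make_root NAME: self-signed root, standing in for the enterprise root of step 2.
make_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$WORK/req.cnf" \
    -extensions v3_root -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue ROOT NAME EKU: leaf certificate signed by ROOT with one extended key usage.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/req.cnf" -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  printf 'extendedKeyUsage=%s\n' "$3" > "$WORK/$2.ext"
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 1 -extfile "$WORK/$2.ext" -out "$WORK/$2.pem" 2>/dev/null
}

# chain_ok ROOT CERT PURPOSE: exit 0 only if CERT chains to ROOT and fits PURPOSE.
chain_ok() {
  openssl verify -CAfile "$WORK/$1.pem" -purpose "$3" "$WORK/$2.pem" >/dev/null 2>&1
}

make_root enterprise-root
make_root other-root                       # a CA the enterprise does not trust
issue enterprise-root radius-server serverAuth
issue enterprise-root device-0001 clientAuth
issue other-root rogue-server serverAuth

# Step 4: both directions of the EAP-TLS check, then two cases that must fail.
chain_ok enterprise-root device-0001 sslclient   && echo "server accepts device cert"
chain_ok enterprise-root radius-server sslserver && echo "device accepts server cert"
chain_ok enterprise-root rogue-server sslserver  || echo "device rejects server from untrusted CA"
chain_ok enterprise-root radius-server sslclient || echo "server cert refused as a client cert"
```

The same `openssl verify -CAfile ... -purpose ...` call can be pointed at exported production certificates when troubleshooting a failed EAP-TLS authentication.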
Over-the-air provisioning is used to securely provision a device and configure it with network settings. Figure 16
shows a sequence diagram that explains the steps involved in this workflow.