Group-Based Device Sharing

AirGroup supports sharing AirGroup devices such as Apple TV, printers, and so on with a User Group using ClearPass Policy Manager. This is an add-on to the existing device sharing mechanisms such as username, user-role, and location-based device sharing using ClearPass Policy Manager. A User Group is a logical association of users.

A user can be a part of groups that are defined in Active Directory. The user group attribute for each user is identified when the user associates to a wireless network. It is initially identified in the authentication module (authentication process). The authentication module sends a RADIUS request to the RADIUS server as a part of 802.1X authentication, and the RADIUS server fetches the user group attribute in the form of a VSA from Active Directory. Subsequently, AirGroup obtains this information from the authentication module. This is similar to the role of a user; however, a user can be a part of more than one group.

When AirGroup learns about a new device, it interacts with ClearPass Guest to obtain the shared attributes. The shared group(s) attribute is also obtained along with the following attributes:

  • Device owner
  • Shared location(s)
  • Shared user(s)
  • Shared role(s)

The group-based device sharing feature is supported in ClearPass Policy Manager 6.3 and higher versions.

A user can be a part of a maximum of 32 user groups. The groups must be defined as a comma-separated string in Active Directory. Each group name can contain a maximum of 63 characters and the entire group name string cannot exceed 320 characters.

The AirGroup policy engine is enhanced to compare the group membership of the user and shared groups to determine if a user can discover the specific AirGroup server or not.
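
The following is an added example, not AirGroup or ClearPass code: it checks a comma-separated group string against the limits stated above and models the comparison between a user's groups and a device's shared groups. Whitespace trimming, exact case-sensitive matching, counting separators toward the 320-character limit, and returning no match for a malformed string are assumptions of this sketch; the function names and sample values are constructed.

```python
# Added example, not AirGroup or ClearPass code.

MAX_GROUPS = 32        # maximum user groups per user (from the page)
MAX_NAME_LEN = 63      # maximum characters per group name (from the page)
MAX_TOTAL_LEN = 320    # maximum length of the whole string (from the page)


def parse_group_string(raw):
    """Split a comma-separated group string and return (groups, problems).

    Assumptions: surrounding whitespace is ignored, empty entries are
    reported, and the 320-character limit counts the separators.
    """
    problems = []
    if len(raw) > MAX_TOTAL_LEN:
        problems.append(f"string is {len(raw)} chars, limit {MAX_TOTAL_LEN}")
    groups = []
    for position, name in enumerate(raw.split(","), start=1):
        name = name.strip()
        if not name:
            problems.append(f"entry {position} is empty")
            continue
        if len(name) > MAX_NAME_LEN:
            problems.append(f"entry {position} is {len(name)} chars, limit {MAX_NAME_LEN}")
        if name in groups:
            problems.append(f"entry {position} duplicates {name!r}")
            continue
        groups.append(name)
    if len(groups) > MAX_GROUPS:
        problems.append(f"{len(groups)} groups, limit {MAX_GROUPS}")
    return groups, problems


def shares_group(user_raw, device_shared_raw):
    """Return the groups common to the user and the device's shared groups.

    Assumption: names match exactly (case-sensitive). In this sketch a string
    that breaks a limit yields no match, so a malformed value never widens
    device visibility.
    """
    user_groups, user_problems = parse_group_string(user_raw)
    shared_groups, shared_problems = parse_group_string(device_shared_raw)
    if user_problems or shared_problems:
        return []
    return [g for g in user_groups if g in shared_groups]


if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    print(shares_group("Faculty, IT-Staff", "IT-Staff,Facilities"))
```

Running `parse_group_string` over exported directory values before enabling group-based sharing surfaces entries that exceed the documented limits.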