Link Search Menu Expand Document

ClearPass Policy Manager

Orchestrator > Aruba Central > ClearPass Policy Manager

Orchestrator supports association with ClearPass Policy Manager, which provides role-based and secure network access for devices. This integration provides user and role information for an IP address, which you can view on the Flows and Top Talkers tabs of Orchestrator.

The ClearPass Policy Manager tab displays information about users and devices provisioned to access your network via ClearPass. The searchable information on this tab includes details such as username, IP address, and role.

You can apply the following filters to your ClearPass logs:

  • To determine which actions you want to display in the table, select the All, Active, or Historical filters.

  • To refresh or pause the table, select Auto Refresh or Pause. By default, the table refreshes automatically.

  • To limit the filtering criteria, enter a value in the Record Count field. The default value is 500, and the maximum value is 10,000.

  • To filter by date and time, enter values in the From and To fields.

  • To search for a specific username, enter a value in the User field. You can search a wild card character (*) as a username using the following schema:

    • x* = anything that starts with the entered value

    • *x = anything that ends with the entered value

  • To search for a specific IP address, enter a value in the IP field.

To export a .csv file of your table, click Export.

Field Definition
Start Time Time when the device began its network session.
End Time Time when the device ended its network session.
CPPM ClearPass Policy Manager server used to authenticate.
IP Address IP address authenticated to the network.
Username Username authenticated to the network.
Role Role assigned to the user that authenticated to the network.
Device Type Device type used to connect to the network.
MAC Address MAC address of the system connecting to the network.
Posture Security health posture of the connected device.
Location ID Location ID of the user connecting to the network.
Protocol Type of authentication server used to connect to the network.
Details All user information sent from CPPM but not required by Orchestrator. Values are in JSON format.

Manage ClearPass Policy Manager Accounts

To view and manage ClearPass accounts that are associated with Orchestrator, click Accounts on the ClearPass Policy Manager tab.

NOTE: Before you begin the ClearPass Policy Manager (CPPM) configuration in Orchestrator, you must have a ClearPass account to authenticate and authorize Orchestrator. If you do not have these credentials, contact your system administrator.

View ClearPass Policy Manager Accounts

The ClearPass Policy Manager Accounts dialog box displays the following information about ClearPass accounts that are already associated with Orchestrator:

Field Definition
Edit Click the icon to edit your CPPM instance.
Name Name of your CPPM instance.
Domain/IP Domain or URL of your CPPM instance.
Connectivity Status of the connection between Orchestrator and your CPPM instance. The status may appear as Connected, Connecting, Auth Failed, and Unreachable.
Service Status Status of your CPPM instance. A status other than Connected could indicate a problem with your CPPM configuration. To troubleshoot, click the Info icon, and then reset any service that is not currently connected.
Pause To pause the connection for your CPPM instance, click this toggle.

Add a ClearPass Policy Manager Server

Follow the steps below to add a new ClearPass Policy Manager account.

  1. If not already opened, click Accounts to open the ClearPass Policy Manager Accounts dialog box.

  2. Click +Add New Server.

    The ClearPass Policy Manager Server Configuration dialog box opens.

  3. Enter the following information:

    Field Definition
    Name Name of your CPPM instance.
    Domain/IP Domain or URL of your CPPM instance.
    Client ID Client ID generated from your CPPM account.
    Secret Key Secret key generated from your CPPM account.
    Verify server certificate If you are using cloud instances of both CPPM and Orchestrator, or if you are using an on-premise instance of CPPM with a valid certificate, select this check box.

    If you are using an on-premise instance of Orchestrator or an on-premise instance of CPPM without a valid certificate, clear this check box.
  4. Click Save.

Your CPPM instance now appears in the ClearPass Policy Manager Accounts dialog box. The Connectivity and Service Status fields should both appear as Connected.

Edit a ClearPass Policy Manager Server

  1. If not already opened, click Accounts to open the ClearPass Policy Manager Accounts dialog box.

  2. Click the Edit icon next to the instance you want to edit.

    The ClearPass Policy Manager Server Configuration dialog box opens.

  3. Edit the information in the dialog box, and then click Save.

Pause ClearPass Policy Manager Integration

To pause the integration between CPPM and Orchestrator, click Pause Orchestration from the ClearPass Policy Manager tab.

NOTE: Clicking Pause Orchestration pauses the connection between all instances of CPPM configured in Orchestrator. To pause an individual instance, click Accounts, and then click the toggle under Pause for the instance you want to pause.


Back to top

© Copyright 2022 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.