@bbergstein][/url hmmm can't find much documentation online about what features/improvements this integration would provide (we don't need Aruba WorkSpace for iOS) our Mac OS clients enrolled in JSS. We have a big BYOD. 90% of the devices on our WLAN are not enrolled in our JSS. We don't have any serious issues with wifi w/o the JSS integration and Feel strongly if it isn't broken, don't fix it'
Last point- I'm very excited for ClientMatch feature on the soon to be released ArubaOS - occasionally We see sticky client issues... Thinking out loud here with the hope someone has more info for us :)
We recently implemented ClearPass with JSS. We assumed ClearPass was using the API and we setup a proxy account so it can grab the information it needs from JSS. We ran into a hiccup where it wasn't grabbing all the machines and this was due to the fact we had setup multiple sites and during the login and gathering of the computer information it was defaulting to a smaller site. Other than that, it's been working pretty well.
ClearPass needs full access to the JSS and API though I have yet to see documentation explaining why that level of access is necessary. We are experiencing difficulties with ClearPass seeing newly enrolled iPads correctly (which prevents newly enrolled devices from access our new WiFi).
Was able to get it pulling info from the JSS with audit permissions - didn't want it to have write.
Anyone been successful with clearpass using the info obtained from the JSS to populate device certs subject alt name fields via scep (without enrolling to clearpass)?
(The additional fields in the subject alt name that are created if you enrolled to clearpass.)
Or if it is possible to limit scep certificates to only devices already known? (the ones imported from the JSS).
I'm going to be following this thread for a bit. We're headed down this route as well. Actually, I'm really interested in figuring out whether or not we can use ClearPass as our method for authenticating devices against AD for certain types of authentication. At present we refuse to load AD bound accounts because of significant performance issues. Yet, since ClearPass knows who our users are based on AD credentials I'd love to use that for certain authenticated services such as PaperCut and the like.
Stood up AD, almost exclusively for this solution. Design was to have auth via AD and then also have AD's root CA trust ClearPass PKI, and CP will hand out individual certificates to machines. Seems like the SI that we're using for Aruba implementation is only used to deploying wireless solutions where the laptops are in AD, which ours are not (yet). Now looking at auth via Okta instead and I would love to implement API to JAMFPro (MacOS and managed iOS) and AirWatch (Win10). I'll update with the path we choose, anyone else please share your experiences.