Dell Powerconnect W-ClearPass Virtual Appliances W-ClearPass Guest 6.0 Deploym - Page 248
Creating a New Operator, External Operator Authentication
View all Dell Powerconnect W-ClearPass Virtual Appliances manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 248 highlights
Creating a New Operator To create a new operator or administrator for ClearPass Guest or AirGroup, some steps are performed in ClearPass Policy Manager (CPPM), and some steps are performed in ClearPass Guest, as described below: 1. Create an operator profile in ClearPass Guest, or use an existing one. See "Operator Profiles " on page 242. To create AirGroup users, choose either the AirGroup Administrator or AirGroup Operator profile, as appropriate. These profiles are automatically included in ClearPass Guest when the AirGroup Services plugin is installed. 2. Create a CPPM role for the operator: In ClearPass Policy Manager (CPPM), go to Configuration > Identity > Roles and create a role that matches the operator profile. Refer to the ClearPass Policy Manager documentation for information on creating the role. 3. Create a local user for the operator: In CPPM, go to Configuration > Identity > Local Users. Select the CPPM role defined for the user. Refer to the ClearPass Policy Manager documentation for information on creating the local user. 4. Create a translation rule to map the CPPM role name to the ClearPass Guest operator profile: In ClearPass Guest, go to Administration > Operator Logins > Translation Rules. 5. In the Translation Rules list, choose the profile, then click its Edit link. 6. Edit the fields appropriately to match the CPPM role name to the ClearPass Guest operator profile. See "LDAP Translation Rules " on page 254. 7. Click Save Changes. External Operator Authentication Operators defined externally in your company's directory server form the second type of operator. Authentication of the operator is performed using LDAP directory server operations. The attributes stored for an authenticated operator are used to determine what operator profile should be used for that user. The Manage Operator Servers and the Translation Rules commands allow you to set up operator logins integrated with a Microsoft Active Directory domain or another LDAP server. NOTE: The operator management features, such as creating and editing operator logins, apply only to local operator logins defined in ClearPass Guest. You cannot create or edit operator logins using LDAP. Only authentication is supported. 248 | Creating a New Operator Dell Networking W-ClearPass Guest 6.0 | Deployment Guide