How does this application work?
Envoy sends visitor information to ClearPass, which then provisions temporary Wi-Fi access credentials to your network. Upon sign-in, the visitor will receive an email (if you collect visitor email addresses) or text message (if you collect visitor phone numbers) with username and password information for Wi-Fi access.
For this app to work, you must collect visitor email addresses at sign-in. Learn more about how to configure your Envoy sign-in fields.
Enabling the Envoy + Aruba ClearPass application
To get started with this app, please head to this Application Guide which will provide you with everything you need to set things up within both Aruba ClearPass and Envoy. The key steps from the Envoy side are:
Go to Apps > All Apps.
Under Wi-Fi, find Aruba ClearPass, and click “Install.”
Note your Envoy app Install Token to be input in the Clearpass Envoy extension configuration JSON.
Complete the ClearPass Extension setup in Aruba ClearPass. You will receive a ClearPass tenantName. Please see the Aruba ClearPass + Envoy Integration Guide for more information.
*NOTE* The Skyhook tenant ID is only valid for 1 year. After that year you will need to get a new one following these same steps.
Back in Envoy settings, paste your skyhookTenant into the ClearPass tenantName field.
Optional: If you have multiple ClearPass accounts, you can add a second tenantName in the Secondary ClearPass tenantName field. If you add a secondary tenantName, you must also select the locations to associate with the secondary tenantName. All locations not selected in the Secondary location mapping field will be associated with your primary tenantName.
After selecting an SMS Gateway, click “Complete Setup.” Once the Envoy ClearPass Extension is activated, it will automatically begin provisioning Wi-Fi credentials for visitors. You can see the status of the application and any failures that have occurred on your Installed apps page under Aruba ClearPass.
We suggest signing in a test visitor and ensuring that you get the credentials to via Email and SMS (if applicable). You can also view the credentials from the dashboard by clicking into a visitor entry.
Aruba Clearpass + Envoy Workplace
Envoy now allows the ability to auto-check in employees when they connect to your company's wifi network.
Step 1: Setup Envoy as an Endpoint Context Server
In the the Envoy App-Store, find Aruba ClearPass (Workplace) and install.
On Step 1, use the values populated here to configure an Endpoint Context Server in the Aruba ClearPass Policy Manager.
Endpoint Context Server Configuration
In the Aruba ClearPass Policy Manager, navigate to Administration → External Servers → Endpoint Context Servers
Click the “Add” button on the top-right to add an Endpoint Context Server.
On the “Add Endpoint Context Server” modal, fill in the values from the Envoy App-Store setup step #1, and click update.
Step 2: Clearpass Configuration
On the App-Store, Click “Next Step” to continue to “Clearpass Configuration” step.
Fill in the fields according to your configuration.
Description of each field:
Name of the Wifi Network(s) that you wish to apply auto check-in functionality.
The attribute that holds the employee’s email on the connection event.
MAC address attribute:
The attribute that holds the employee device’s MAC address.
The attribute used to determine where the Wifi connection request happened.
The attribute that holds when the Wifi connection request happened
Step 3: Setup Context Server Action
How to create a Context Server Action:
In Aruba ClearPass Policy Manager, navigate to: Administration → Dictionaries → Context Servers Actions
Click the “Add” button on the top-right to add an Context Server Action
Use the values from the App-Store setup step 3 to create a Context Server Action.
Step 4: Setup Enforcement Policies
Create an enforcement profile in Aruba ClearPass Policy Manager using the values populated here.
How to create the Enforcement Profiles
In Aruba ClearPass Policy Manager, go to Configuration > Enforcement > Profiles and click the "Add" button in the top right corner.
On the "Profile" tab, fill in the values from Step 4 of the integration installation from the Envoy dashboard.
Template: "Session Notification Enforcement"
Go to the "Attribute" tab and add the attributes with the values from Step 4 as well.
Save the Profile
Add another Profile
On the “Profile” tab of the Enforcement profile creation form, use the values under the Envoy Default Profile “Profile Details” section of setup step 4 to complete the form.
Template: "Aruba RADIUS Enforcement"
Go to the the “Attributes” tab and use the values under the Envoy Default Profile “Attributes Details” section of setup step 4 to complete the form.
Save the Profile
Step 5: Setup Enforcement Policies
The values shown on this step will be used to create an enforcement policy in Aruba ClearPass Policy Manager.
How to create the Enforcement Policy
In Aruba ClearPass Policy Manager, go to Configuration > Enforcement > Policies and click the "Add" button in the top right corner.
Go the the Enforcement tab and using the values from Step 5, fill out the the form.
Go the Rules tab, and add the values from Step 5.
On the integration configuration in the Envoy App-Store, click "Complete Setup"