How does this application work?
Envoy sends visitor information to ClearPass, which then provisions temporary Wi-Fi access credentials to your network. Upon sign-in, the visitor will receive an email (if you collect visitor email addresses) or text message (if you collect visitor phone numbers) with username and password information for Wi-Fi access.
For this app to work, you must collect visitor email addresses at sign-in. Learn more about how to configure your Envoy sign-in fields.
Envoy does not send emails with this app. In order to send emails to visitors, this must be configured in the ClearPass gateway. Envoy will send an SMS so long this option is selected in the app configuration and phone number is collected in the sign-in flow.
For this app to work, you must collect visitor email addresses at sign-in. Learn more about how to configure your Envoy sign-in fields.
Enabling the Envoy + Aruba ClearPass application
To get started with this app, please head to this Application Guide which will provide you with everything you need to set things up within both Aruba ClearPass and Envoy. The key steps from the Envoy side are:
Go to Apps > All Apps.
Under Wi-Fi, find Aruba ClearPass, and click “Install.”
Step 1: Setup Instructions
Complete the ClearPass Extension setup in Aruba ClearPass. You will receive a ClearPass tenantName. Please see the Aruba ClearPass + Envoy Integration Guide for more information.
The Skyhook tenant ID is only valid for 1 year. After that year you will need to get a new one following these same steps.
Note your Envoy app Install Token to be input in the Clearpass Envoy extension configuration JSON.
Click Next Step
Step 2: ClearPass tenantName
In Envoy settings, paste your skyhookTenant into the ClearPass tenantName field.
Envoy Locations to Tenant Names(Optional): If you have multiple ClearPass accounts, you can add a second tenantName in the Secondary ClearPass tenantName field.
If you add a secondary tenantName, you must also select the locations to associate with the secondary tenantName.
All locations not selected in the Secondary location mapping field will be associated with your primary tenantName.
Block by Location (OPTIONAL): Selected Locations will not be provisioned credentials for visitors
Block by Visitor Type (OPTIONAL): Selected Visitor types will not be provisioned credentials.
Only invited guests will receive credentials: check this box to require an invite in order for credentials to be provisioned.
SKYHOOK API HOST (OPTIONAL): Only enter this if Aruba has provided it.
Step 3: ClearPass SMS Config
Select an SMS Gateway
ClearPass SMS Gateway: SMS will come from ClearPass
Envoy SMS Gateway: SMS will com from Envoy's SMS service (Twilio)
If Envoy has been chosen, you can input an SMS template to be sent to Visitors.
"Deliver a branded message to your visitors. Use %USERNAME% and %PASSWORD% as placeholders for the delivered credentials."
Click Next Step
Step 4: Status Report
Once the Envoy ClearPass Extension is activated, it will automatically begin provisioning Wi-Fi credentials for visitors. You can see the status of the application and any failures that have occurred on your Installed apps page under Aruba ClearPass.
We suggest signing in a test visitor and ensuring that you get the credentials to via Email and SMS (if applicable). You can also view the credentials from the dashboard by clicking into a visitor entry.
Aruba Clearpass + Envoy Workplace
Envoy now allows the ability to auto-check in employees when they connect to your company's wifi network.
This functionality is in BETA and there may be limited availability.
Step 1: Setup Envoy as an Endpoint Context Server
In the the Envoy App-Store, find Aruba ClearPass (Workplace) and install.
On Step 1, use the values populated here to configure an Endpoint Context Server in the Aruba ClearPass Policy Manager.
Endpoint Context Server Configuration
In the Aruba ClearPass Policy Manager, navigate to Administration → External Servers → Endpoint Context Servers
Click the “Add” button on the top-right to add an Endpoint Context Server.
On the “Add Endpoint Context Server” modal, fill in the values from the Envoy App-Store setup step #1, and click update.
Step 2: Clearpass Configuration
On the App-Store, Click “Next Step” to continue to “Clearpass Configuration” step.
Fill in the fields according to your configuration.
These fields will require you to locate the corresponding field labels from a Wifi Connection request on an Aruba ClearPass Policy Manager account. Aruba ClearPass Policy Manager > Monitoring > Live Monitoring > Access Tracker
Description of each field:
Location Filtering:
Name of the Wifi Network(s) that you wish to apply auto check-in functionality.
Username Attribute:
The attribute that holds the employee’s email on the connection event.
MAC address attribute:
The attribute that holds the employee device’s MAC address.
Location attribute:
The attribute used to determine where the Wifi connection request happened.
Timestamp attribute:
The attribute that holds when the Wifi connection request happened
Step 3: Setup Context Server Action
The values in this step will be used to create a context server action in the Aruba ClearPass Policy Manager.
Note: the Content-Type field is generated based on the information entered into Step 2.
How to create a Context Server Action:
In Aruba ClearPass Policy Manager, navigate to: Administration → Dictionaries → Context Servers Actions
Click the “Add” button on the top-right to add an Context Server Action
Use the values from the App-Store setup step 3 to create a Context Server Action.
Step 4: Setup Enforcement Policies
Create an enforcement profile in Aruba ClearPass Policy Manager using the values populated here.
How to create the Enforcement Profiles
In Aruba ClearPass Policy Manager, go to Configuration > Enforcement > Profiles and click the "Add" button in the top right corner.
On the "Profile" tab, fill in the values from Step 4 of the integration installation from the Envoy dashboard.
Template: "Session Notification Enforcement"
Go to the "Attribute" tab and add the attributes with the values from Step 4 as well.
Save the Profile
Add another Profile
On the “Profile” tab of the Enforcement profile creation form, use the values under the Envoy Default Profile “Profile Details” section of setup step 4 to complete the form.
Template: "Aruba RADIUS Enforcement"
Go to the the “Attributes” tab and use the values under the Envoy Default Profile “Attributes Details” section of setup step 4 to complete the form.
Save the Profile
Step 5: Setup Enforcement Policies
The values shown on this step will be used to create an enforcement policy in Aruba ClearPass Policy Manager.
How to create the Enforcement Policy
In Aruba ClearPass Policy Manager, go to Configuration > Enforcement > Policies and click the "Add" button in the top right corner.
Go the the Enforcement tab and using the values from Step 5, fill out the the form.
Go the Rules tab, and add the values from Step 5.
Click Save.
On the integration configuration in the Envoy App-Store, click "Complete Setup"