Skip to main content

Aruba Central

Learn how to easily automate the delivery of WiFi credentials

Updated over 3 weeks ago

How does this app work?

For Envoy Visitors, the integration facilitates seamless Wi-Fi provisioning as visitors sign into the workplace, ensuring they have the necessary access right from the start.


For Workplace, Envoy leverages Wi-Fi sign-in events to automatically track employee attendance. This not only simplifies the process of managing employee presence but also provides real-time data on who is currently in the office, enhancing overall workplace efficiency and security.

PREREQUISTES:

  1. You must be an admin in order to set up this integration.

  2. In order to send Aruba credentials to your visitors, you must use a sign-in flow that captures an email or a phone number

  3. Splash pages must be configured according to the criteria listed in this article. If the splash page is not configured correctly, you will not be able to select splash pages during setup.

Enabling the Aruba Central app in Envoy

Splash Page Requirements:

Create a splash page in Aruba Central under “Guests" → "Splash Pages”


Splash pages must meet the following criteria:

  • The type must be set to “Authenticated”

  • “Username/Password” must be toggled on

  • Self-registration must be toggled off

  • Choose “Session Timeout” (defaults to 8 hours)

Step 2 (Customization) and 3 (Localization) can be set to your preferences!

Aruba Central + Envoy Configuration

This app is configured per location. If using multiple locations, then the app must be installed at each location.

Navigate to Apps on the Envoy Dashboard and install Aruba Central


Step 1: About

Authorize the app and proceed to step 2 when ready.


Step 2: API Access

  1. Base URL: Envoy needs to know where to send information when we're creating credentials in Aruba Central.

    1. The Base URL can be found in Aruba Central from the Account Home → Organization → API Gateway → APIs. This section will show API urls listed in "All Published APIs". If there is more than one, you can copy and paste either of the URLs into the Base URL field.

  2. Aruba Username:

    1. Enter your admin username

  3. Aruba Password:

    1. Enter your admin password

  4. Aruba Customer ID:

    1. Enter your Customer ID. The Customer ID is found by clicking the person (profile) icon in the top right corner Aruba central web portal.

API Client ID and API Client Secret

  1. This can be found in Account Home → Organization → API Gateway → System Apps & Tokens. You may need to add a new token.

Step 3: Workplace

Envoy offers the convenience of automatically signing in employees when they connect to your workplace's Wi-Fi network. This feature not only simplifies the process of tracking real-time office attendance but also helps provide valuable over-time analytics to monitor employee presence.

By leveraging this capability, organizations can easily understand and analyze patterns of office attendance, ensuring a comprehensive view of who is in the office at any given time and making it easier to optimize workspace utilization and enhance operational efficiency.

Envoy Configuration: Health check/Registration questions must be disabled. To disable questions, go here, click advanced settings under the Employee reservation flow, and disable the questionnaire.

Auto-sign out must be enabled in Location Settings. If auto-sign out is disabled, then employees will remain signed in to the workplace and will not be signed in the next day with their badge swipes.

Workplace Configuration Options

First, select where you would like to track connection events in Aruba:

  • Network Name(s)

  • Site Name(s)

  • Match Network and Site Name

Then, choose one of the following ways to track authentication events in Aruba.

1. Identity Authentication with User Email

Envoy will use the email address information from the Identity field in authentication events within Aruba to sign the employee into Envoy.

Aruba Configuration: To capture an employee's network connection event successfully, the authorization method for the selected network must use an email that matches an employee in Envoy's directory. We also currently only track events where the client_type = 'WIRELESS'.

For instance, 802.1X RADIUS authentication will capture a username (which must be an email that matches an employee in the Envoy directory). Envoy monitors the network logs and uses that email to sign the employee into the workplace.

This ensures that the network events are properly linked to the corresponding employee in the Envoy system.

2. Device Authentication with Mac Address

Upload a mapping of MAC address to employee email via CSV. When an authentication event matches a mac address on the uploaded CSV, then Envoy will check-in the associated employee's email.

The .CSV file must list one record per row

  • MAC address and employee email are required for each record

  • Example csv file:

email, mac_address
[email protected], 1a:2b:3c:4d:5e:6f

Step 4: Visitor Splash Page

Select your desired splash page from the drop-down of splash pages.

If you see your splash page but cannot select it then this indicates the splash page does not conform to our requirements. You can revisit our "Requirements" section in this article for more information.


Step 5: Visitor Access

  1. Access Duration:

    1. Select a default access duration from the drop-down for Wifi credentials issued for this integration

  2. Default Access Map:

    1. Select the default Aruba access type (Splash Page) to issue to Visitors. Use next section for custom mapping to flow.

  3. Aruba Guest Account to Envoy Flow

    1. This step is optional and will allow you to exempt individual flows from the default Aruba access type or completely exempt from access to Aruba central.

  4. Select the Visitor Types which should receive WiFi credentials upon sign-in / or invite

    1. Select one or multiple visitor flows to receive credentials.

  5. Anonymize Aruba Central username for Envoy visitors

    1. Check this box to anonymize and hide the Aruba Central username for Envoy Visitors

  6. Restrict WiFi access to only visitors which were invited

    1. Wifi access will only be granted if there is an invite created for the Visitor if this box is checked.

  7. Expire WiFi credentials upon sign-out from Envoy.

    1. Wifi credentials will not work after the visitor is signed out if this box is checked.

Credentials viewed in Aruba Central

Credentials generated by Envoy will follow this format, based on the visitor information and configuration set up in Envoy:

Credentials viewed in Envoy:



Related Articles
Aruba ClearPass
Cisco Meraki
Feenics Access Control
Enabling employee auto check-in
Datawatch
Did this answer your question?