ClearPass Policy Manager
Orchestrator > HPE Integration Services > ClearPass Policy Manager
Orchestrator supports association with ClearPass Policy Manager, which provides role-based and secure network access for devices. This integration provides user and role information for an IP address, which you can view on the Flows and Top Talkers tabs of Orchestrator.
The ClearPass Policy Manager tab displays information about users and devices provisioned to access your network via ClearPass. The searchable information on this tab includes details such as username, IP address, and role.
You can apply the following filters to your ClearPass logs:
- To determine which actions you want to display in the table, select the All, Active, or Historical filters.
- To refresh or pause the table, select Auto Refresh or Pause. By default, the table refreshes automatically.
- To limit the filtering criteria, enter a value in the Record Count field. The default value is 500, and the maximum value is 10,000.
- To filter by date and time, enter values in the From and To fields.
- To search for a specific username, enter a value in the User field. You can use the wildcard character (*) in the username, following this schema:
  - x* = anything that starts with the entered value
  - *x = anything that ends with the entered value
- To search for a specific IP address, enter a value in the IP field.
To export a .csv file of your table, click Export.
Field | Definition |
---|---|
Start Time | Time when the device began its network session. |
End Time | Time when the device ended its network session. |
CPPM | ClearPass Policy Manager server used to authenticate. |
IP Address | IP address authenticated to the network. |
Username | Username authenticated to the network. |
Role | Role assigned to the user that authenticated to the network. |
Device Type | Device type used to connect to the network. |
MAC Address | MAC address of the system connecting to the network. |
Posture | Security health posture of the connected device. |
Location ID | Location ID of the user connecting to the network. |
Protocol | Type of authentication server used to connect to the network. |
Details | All user information sent from CPPM but not required by Orchestrator. Values are in JSON format. |
Manage ClearPass Policy Manager Accounts
To view and manage ClearPass accounts that are associated with Orchestrator, click Accounts on the ClearPass Policy Manager tab.
NOTE: Before you begin the ClearPass Policy Manager (CPPM) configuration in Orchestrator, you must have a ClearPass account to authenticate and authorize Orchestrator. If you do not have these credentials, contact your system administrator.
View ClearPass Policy Manager Accounts
The ClearPass Policy Manager Accounts dialog box displays the following information about ClearPass accounts that are already associated with Orchestrator:
Field | Definition |
---|---|
Edit | Click the icon to edit your CPPM instance. |
Name | Name of your CPPM instance. |
Domain/IP | Domain or URL of your CPPM instance. |
Connectivity | Status of the connection between Orchestrator and your CPPM instance. The status may appear as Connected, Connecting, Auth Failed, or Unreachable. |
Service Status | Status of your CPPM instance. A status other than Connected could indicate a problem with your CPPM configuration. To troubleshoot, click the Info icon, and then reset any service that is not currently connected. |
Pause | To pause the connection for your CPPM instance, click this toggle. |
Add a ClearPass Policy Manager Server
Follow the steps below to add a new ClearPass Policy Manager account.
- If not already opened, click Accounts to open the ClearPass Policy Manager Accounts dialog box.
- Click +Add New Server.
  The ClearPass Policy Manager Server Configuration dialog box opens.
- Enter the following information:
Field | Definition |
---|---|
Name | Name of your CPPM instance. |
Domain/IP | Domain or URL of your CPPM instance. |
Client ID | Client ID generated from your CPPM account. |
Secret Key | Secret key generated from your CPPM account. |
Verify server certificate | If you are using cloud instances of both CPPM and Orchestrator, or if you are using an on-premise instance of CPPM with a valid certificate, select this check box. If you are using an on-premise instance of Orchestrator or an on-premise instance of CPPM without a valid certificate, clear this check box. |
- Click Save.
Your CPPM instance now appears in the ClearPass Policy Manager Accounts dialog box. The Connectivity and Service Status fields should both appear as Connected.
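A pre-check for the Verify server certificate setting, as an added example that is not part of the Orchestrator documentation: it performs a fully verified TLS handshake against the CPPM Domain/IP and reports why validation fails, if it does. Assumptions: HTTPS on port 443, the placeholder host cppm.example.com, and the local trust store standing in for Orchestrator's, which may differ.

```python
import socket
import ssl
import sys


def check_server_certificate(host, port=443, timeout=5.0):
    """Attempt a TLS handshake with chain and hostname verification enabled.

    Returns (status, detail), where status is one of:
      "valid"       - the certificate chains to a trusted CA and matches host
      "invalid"     - the handshake reached the server but verification failed
      "tls_error"   - a TLS failure unrelated to certificate verification
      "unreachable" - no TCP connection could be made
    """
    # The default context enables CERT_REQUIRED and hostname checking.
    context = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with context.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return "valid", "certificate expires " + cert["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        # verify_message carries OpenSSL's reason for rejecting the certificate.
        return "invalid", exc.verify_message
    except ssl.SSLError as exc:
        return "tls_error", str(exc)
    except OSError as exc:
        # Refused connections, timeouts and DNS failures all land here.
        return "unreachable", str(exc)


if __name__ == "__main__":
    # cppm.example.com is a placeholder; pass the value you would enter
    # in the Domain/IP field as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "cppm.example.com"
    status, detail = check_server_certificate(target)
    print(f"{target}: {status} ({detail})")
```

An "invalid" result, for reasons such as expiry, an untrusted issuer or a hostname mismatch, is the case in which the table above has you clear the check box; installing a valid certificate on CPPM lets verification stay selected instead.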
Edit a ClearPass Policy Manager Server
- If not already opened, click Accounts to open the ClearPass Policy Manager Accounts dialog box.
- Click the Edit icon next to the instance you want to edit.
  The ClearPass Policy Manager Server Configuration dialog box opens.
- Edit the information in the dialog box, and then click Save.
Pause ClearPass Policy Manager Integration
To pause the integration between CPPM and Orchestrator, click Pause Orchestration from the ClearPass Policy Manager tab.
NOTE: Clicking Pause Orchestration pauses the connection between all instances of CPPM configured in Orchestrator. To pause an individual instance, click Accounts, and then click the toggle under Pause for the instance you want to pause.