Alert EnterpriseWiki

Aruba ClearPass

HPE Aruba Networking·AE_HSc_ClearPassConnectorGuide

IAMactiveHPE Aruba ClearPass Application Software 6.8.x through 6.12.x
Transports
rest
Direction
bidirectional
Authentication
ClearPass API Client Bearer Token
Last updated
2024-12-20
Compare with another connector →Open in composer →

Overview

The Aruba ClearPass connector integrates AlertEnterprise Guardian with HPE Aruba ClearPass Policy Manager — Aruba's enterprise NAC (Network Access Control) platform, the primary competitor to cisco-ise in the network access space. ClearPass governs network authentication for wired, wireless, VPN, and BYOD access, with strong 802.1X and RADIUS integration.

Like Cisco ISE, ClearPass scope is network access rather than application access — it sits at the network-authentication boundary, deciding which users / devices can authenticate onto the network and applying segmentation policies. AE Guardian provisions ClearPass Local Users (the local identity store ClearPass maintains for guest / contractor populations) and reconciles user data back to Guardian for governance purposes.

Architecture: AE Guardian → ACF → Alert ClearPass Connector → ClearPass REST API → ClearPass Policy Manager. Standard HTTPS REST with bearer-token auth.

Architecture

Composed from this connector's actors + edges. Trust zones are color-coded; trust crossings render as thicker lines.

Composing diagram — running ELK layout5 actors · 4 edges

Authentication

1 method supported

ClearPass API Client Bearer Token
bearer-token

ClearPass authenticates via an API Client configured in the ClearPass admin UI (Administration → API Services → API Clients). The API client uses OAuth 2.0 client credentials grant to obtain a bearer token. The connector exchanges client_id + client_secret for an access token and uses it on subsequent REST calls.

Credential storage
Encrypted in AE connector configuration.

Prerequisites

Everything that must be in place for this connector to work, with the owner who's responsible.

ClearPass deployment with API Services enabled

customer

An operational ClearPass Policy Manager 6.8.x-6.12.x deployment with API Services enabled and an API Client configured for the AE integration.

ClearPass API Client with required scopes

customer

ClearPass admin creates an API Client under Administration → API Services → API Clients, configures appropriate operator scope (must include Guest User / Local User management).

SSL certificate trust

ae

ClearPass SSL certificate imported into the AE host's JVM cacerts keystore via keytool -importcert.

IAM specifics

Protocol support
OIDC
no
SAML
yes
SCIM
no
JIT provisioning
unknown
Group sync mode
flat
Source of record
No
MFA model

MFA enforced at the ClearPass network-access policy layer. AE does not configure ClearPass MFA policies.

Default attribute mapping

ClearPass Local User attributes (UserName, Password, Role, ExpiryDate, GuestEnable status).

Source materials
  • src/connectors/clear-pass/source.pdf Full connector guide — 17 pages, updated 2024-12-20
  • src/connectors/clear-pass/source.pdf p5 — Supported Version
Verifying access
Desktop only

The AE Mobile Wiki needs a bigger screen.

The diagrams, comparisons, and animated flows aren't built for phones. Open this link on your laptop or desktop browser and you'll see the full reference.

wiki.alertenterprise.app

Same Google sign-in as the AE App Hub — you'll be in once you open it on a larger screen.