How to DEMO an Authentication server in a workflow without AD, LDAP, or SAML

sagar_kuber
RUCKUS Team Member

Cloudpath has an 'internal user database' that can be used for demos and even a POC. It lets you save local credentials and assign group membership to them. Group membership comes in VERY handy when you are doing things like SPLITs in a workflow.

Let’s configure a LOCAL server for DEMOING:

• Click on Configuration
• Click on Authentication Servers
• Scroll down to “Use Onboard Database”
(You can deselect “Include Admin Accounts” if you would prefer NOT to allow these users to log into Cloudpath as a local administrator.)

• Click on Save at the top

In the authentication server list, you will now see “Onboard Database …. DB”

Let’s create some users! In this example, I am going to stick with a campus environment. We will have two types of users, Students and Faculty.
• Click the Disclosure Triangle beside “Server 1” to expand the menu:

• Click on the Button “Add User”
• Fill out the information. As you can see, you can add Group membership here! We will use this in our workflow. I have created a single user as a “student”.

• Click on Save

Let’s create the Faculty member:
• Open the server disclosure triangle again
• Click on Add User
• Enter in the group “faculty” for this user:

• Click on Save

Workflow:
In the workflow, add an authentication server. In our workflow, I am going to insert a step after Step 1 to “Authenticate to a traditional authentication server”.

• Add the “Authenticate to a traditional authentication server” after Step 1
• Select “Reuse an existing Authentication server” and select your internal DB:

• Click on Next
• Edit the Credential prompt screen to your liking. I will leave this as the default.
• Click on Save

Workflow so far:

[Screenshot]

Add a split! In this step, we will automatically select a branch of the workflow for the end user based on group membership. I will create a split and a filter for “student” and “faculty”.

• Insert a step after Step 2
• Select “Split users into different branches”
• Select “Use a new split.”
• Click Next
• Enter in a display name and two options, one for student and one for faculty:

• Click on Save
• Your workflow should appear similar to this:

[Screenshot]

• Click the blue pencil beside the word “students”
• Open up “Filters & Restrictions”
• In the field “Group Name Pattern:” enter in Student

• Click on Save
• In the workflow, you will now see a filter button beside students. If you hover over it, you will see that if the condition is matched, the end user will automatically be put into that part of the workflow!

• Do the same for “Faculty” in the split, but obviously use the Group Name Pattern “faculty” in that split.
• Now, the rest of the workflow is up to you. If you want Students to get an EAP-TLS certificate with a Student template, or get a DPSK from a pool, create that in the workflow. For Faculty, this can be a completely different experience.
• In my example, I am just providing a message stating either Student or Faculty, so when I test this, I can immediately see the result!

Let’s try it!

• Publish your workflow!
• Click on the URL to start onboarding
• Results of the student onboarding:

[Screenshot]

• Results of the faculty onboarding:

[Screenshot]

Success!
