Registration with Azure AD via Open ID Connect

I see ExtremeConnect 8.1 allows custom Open ID Connect providers. Has anyone done this to authenticate to an Azure AD tenant? What username shows up? Can I then match that against an LDAP group for authorization? Pass the username to other applications with ExtremeConnect? Provision a custom I-SID?

The reason I want to auth to Azure AD is to just have laptops auth with their machine account to WPA2-Enterprise wireless but then authenticate the user at the network layer (since switching between machine and user auth at the wireless layer slows down unlocking/resuming from sleep). And pass that information to our web filter via the Lightspeed RADIUS integration, and of course do policy based on group membership.

James A, Embassador

Posted 2 months ago

Shmulik, Employee, PLM for ExtremeGuest and ExtremeControl

James, not possible today. In ExtremeControl, Open ID is designed to be used for guest registration. It cannot be used for 802.1x auth flow at this time. I would suggest that everyone who needs this type of feature create an FR (Feature Request). I would like to know the details of the various use cases. But right now you cannot use Open ID for user access flow.

Thanks!

Shmulik