
Registration with Azure AD via Open ID Connect


I see ExtremeConnect 8.1 allows custom Open ID Connect providers. Has anyone done this to authenticate to an Azure AD tenant? What username shows up? Can I then match that against an LDAP group for authorization? Pass the username to other applications with ExtremeConnect? Provision a custom I-SID?

The reason I want to auth to Azure AD is to just have laptops auth with their machine account to WPA2-Enterprise wireless but then authenticate the user at the network layer (since switching between machine and user auth at the wireless layer slows down unlocking/resuming from sleep). And pass that information to our web filter via the Lightspeed RADIUS integration, and of course do policy based on group membership.

1 reply

James, not possible today. In ExtremeControl, Open ID is designed to be used for guest registration. It cannot be used for 802.1X auth flow at this time. I would suggest creating an FR (Feature Request) by everyone who needs this type of feature. I would like to know the details of the various use cases. But right now you cannot use Open ID for user access flow.

Thanks!

Shmulik
