ā05-10-2018 04:12 PM
I am looking at moving to NG and we have a bunch of people that have the ability to create guest accounts, these permissions come based on RADIUS attributes in HM Classic. How would I accomplish this in NG? Would every user have to be manually created? I do not want users to create another password to remember, can that information come from AD? I see SAML is also an option, has anyone been able to get this to work with ADFS?
Solved! Go to Solution.
ā05-22-2018 07:01 PM
Hi @Jesse Crossā ,
This is possible, and would require a Case for integration. I know you are currently considering NG as the next move, so for now we can setup the NG Instance, and integrate as a test during the Evaluation period.
I don't know the exact details about your current setup, but ultimately, if you are considering moving to NG, or already have an evaluation instance, please create a Case for SAML Integration.
This integration would provide SSO to the administration of the VHM. Then based on what type of user, they will be able to view whats permitted. So this should be what you are looking for, as it would allow specific users with existing RADIUS credentials to sign in to the VHM and view/create Guest Credentials.
Hope this helps, happy to assist,
David Souri
HiveCommunity Moderator
ā05-22-2018 07:01 PM
Hi @Jesse Crossā ,
This is possible, and would require a Case for integration. I know you are currently considering NG as the next move, so for now we can setup the NG Instance, and integrate as a test during the Evaluation period.
I don't know the exact details about your current setup, but ultimately, if you are considering moving to NG, or already have an evaluation instance, please create a Case for SAML Integration.
This integration would provide SSO to the administration of the VHM. Then based on what type of user, they will be able to view whats permitted. So this should be what you are looking for, as it would allow specific users with existing RADIUS credentials to sign in to the VHM and view/create Guest Credentials.
Hope this helps, happy to assist,
David Souri
HiveCommunity Moderator
ā05-22-2018 02:25 PM
Was talking about users... but i'd have to bow out of the SAML conversation since i'm not familiar. I know that Aerohive killed off IDM with NG which offered IAM authentication integration.
The only documentation I've used regarding radius attributes was with MS NPS, which works great. The only way i'm aware to set up radius with NG is using the 802.1x supplicantā¦. no other back-end tie-in's.
ā05-22-2018 01:33 PM
Jeremy not sure you understand what I am asking. Are you talking about managing client devices because that is not what I am looking for. I am interested in managing (Guest Management) users for the HiveManager web console. In Classic you could use Radius to allow access to guest management portal without having to create/manage users in hivemanager. This no longer looks like an option. I currently set up SAML so users do not need to remember two passwords but I still have to create each user in hivemanager because Aerohive's SAML integration does not create or allow assignment of policies based on SAML attributes.
ā05-17-2018 03:46 PM
If you want to stick with AD integration or RADIUS from AD, you can always delegate access to OU's in ADUC. Bit of a clunky interface to have your users manage, but there's lots of 3rd party options to pretty it up.
No write-back from HMOL to AD, so if you go with managing users via HMOL, passwords will change. 802.1x is the way to go for AD, and I have separate user groups that other users can manage just for guests.