LDAP has been a part of many network and security teams’ life since what seems like the dawn of time. It’s that friendly, easy to use protocol that lets ClearPass look up users, validate their password and tell us that Alice is in department A and Bob is department B. Then “the cloud” happened and brought along this whole cloud-managed identity and access management idea. This made some things like network authentication a bit more complicated and often required a local server to be synced with the cloud to provide LDAP services to local resources, like ClearPass.
For many years, we’ve provided the ability to onboard devices using Google Cloud Identity-managed accounts (formerly G Suite and Google Apps) using modern protocols like Security Assertion Markup Language (SAML) and OAuth 2.0. This provides a familiar experience to end users and also ensures that passwords are never sent during network authentication. After all, we’re very rapidly moving towards a passwordless world. One piece that was missing in this workflow when there was no on-premises server was the ability to do real-time authorization as the user continuously authenticates to the network. Things like checking if the user account is still active, checking if groups or other attributes have changed. All things we’ve been spoiled within a traditional LDAP world.
Today, we’re excited to announce that we’ve partnered with Google’s Cloud Identity team to validate their new secure LDAP service with ClearPass to build secure and flexible network policies using Google organizational accounts. ClearPass can leverage this new cloud secure LDAP service for real-time user authorization during network authentication flows.
Check out the updated ClearPass Configuration Guide for Onboard and Cloud Identity Providers here.
