beautypg.com

Overview, Supported devices, Supported devices -2 – HP Identity Driven Manager Software Series User Manual

Page 146

background image

4-2

Using the Secure Access Wizard
Overview

Overview

The Secure Access Wizard (SAW) feature in IDM is designed to simplify the
initial setup of IDM by reducing the complexity of securing the network edge.
SAW facilitates the process of securing the network edge by targeting a group
of devices and using a highly intuitive GUI to configure network access rather
than configuring each device via CLI. Some major features of SAW include:

Setting the RADIUS server IP address and shared secret for a group
of devices.

Setting the authentication methods for a group of devices.

Configuring the authentication methods.

Once you have decided to deploy IDM, you now need to secure the network
edge by enforcing 802.1X, Web-Auth, MAC-Auth, or any combination of the
three (if supported). There are several steps involved when a securing an edge
device, in no particular order they are:

All supplicant ports need to be configured with 802.1X, Web-Auth or
MAC-Auth (preferably 802.1X for a more secure environment).

If 802.1X is chosen, the next step is choosing the authentication
protocol, EAP or CHAP.

Enabling session accounting so that IDM correctly detects user login
and log out.

Optionally setting the interim update period.

Optionally setting the re-authentication time-out.

Adding the RADIUS server and the shared secret (key).

Activating the port authenticator.

These steps need to be executed on all edge devices and will vary between
wired and wireless devices.

Supported Devices

The Secure Access Wizard feature is on ProCurve devices that support use of
802.1X, Web-Auth, and MAC-Auth access control methods. For a complete list
of what features are supported on each device, refer to the tables in Appendix
A under “Device Support for IDM Functionality”.

This manual is related to the following products: