Hello everyone. Welcome to this course about ClearPass integration with Google Cloud. My name is Ahmed in India. I am a certified instructor from Aruba Networks. In this course we will discuss different protocols and methods to integrate ClearPass with Google Cloud. We will employ these protocols in typical scenarios, and we will configure realistic scenarios in our labs. The agenda of this course will be as follows. We will start with the introduction, which is this video. We will talk about Google services at a very high level, only the ones that we will use in this lab and in this course. Then we will talk about the lab setup we have, we will talk about the scenarios, and we will describe these scenarios and their requirements. Then we will start with the first scenario, which is contractor devices. We will onboard these devices using SAML, and we will use Secure LDAP to authenticate and authorize these users. After that we will have the third scenario, or the third part, with the second scenario. In this part we will discuss another scenario, which is the student devices. Student devices will connect using PEAP, and we need to collect attributes from Google MDM about these devices. We will use these attributes to apply special policies and special rules for these devices. The objective of this course is not to describe Google services and products in detail. I want only to mention the main services that you will integrate with. First of all we have Google Cloud Identity, which is the store of identities that we will integrate with. There are different ways to integrate with Google Cloud Identity. We have SAML, and to integrate using SAML we will use Google Workspace. The other way to integrate is using OAuth2.0, and to integrate with ClearPass using OAuth2.0, we will use Google Cloud Platform. Another way is using Secure LDAP; there is a special connector in Google Workspace for Secure LDAP.
When it comes to student devices, we want to integrate with Google MDM, and we will integrate using OAuth2.0, also through Google Cloud Platform. The relationship between these products and these services is not part of this course. You can refer to the Google documentation for more details. My focus will be only on the integration between these products and ClearPass, and this is not part of this course. In this course, I don't have this integration; I will focus only on the Google services and Google products that we will integrate with. In this course we will focus mainly on three integration methods. The first method is using single sign-on. ClearPass Onboard can integrate with Google Cloud Identity using protocols like SAML or OAuth2.0, and we will test this in our first scenario. In our first scenario, we will use the SAML protocol to integrate Onboard with Google Cloud Identity. The other protocol is Secure LDAP. Google Workspace offers Secure LDAP integration, or a Secure LDAP connector. This needs a special license, and it can be used for authentication or authorization using a ClearPass extension. In this course, in the first scenario, we will configure a ClearPass extension and we will integrate this extension with Google Secure LDAP for authentication and authorization of contractor devices. The third integration is the integration with Google MDM. Google has an MDM product that can be used to manage endpoint devices. ClearPass can integrate with this MDM using endpoint context servers. This uses the OAuth2.0 protocol to sync the Google MDM database with the ClearPass endpoint database. Then we can use the collected attributes to authorize the student devices, and this is what we will do in the second scenario. This is a graphical representation of the different integrations we have between ClearPass and Google. This representation is not meant to describe Google services; there are many details in these services. It is only to show you which protocols we will use in the different scenarios.
In the first scenario, where we want to onboard contractor devices, we will use single sign-on protocols; we will use SAML. But in addition to that, OAuth is another option that we will not use in this lab. When it comes to authentication or authorization, we will use Secure LDAP; Google Workspace has a Secure LDAP connector. We will create and configure a ClearPass extension, and we will enable the Secure LDAP authentication source in the first scenario. In the second scenario, for student devices, we will integrate with Google MDM. From the ClearPass side, this integration will use an endpoint context server, and from the Google side it will use OAuth2.0. Enabling OAuth2.0 will be from Google Cloud Platform, while SAML will be enabled from Google Workspace. We will see the details during our labs and during our scenarios. When you plan for this integration, you need to understand the subscriptions or licenses required for the different protocols. You need to verify the latest documentation from Google; as we speak, these are the requirements. There are different requirements for business and education, and in our course we need SAML. So this is supported in these subscriptions, but when it comes to Secure LDAP, Secure LDAP needs this subscription. So please make sure your subscription or your license from Google supports the required protocols before you start this integration. The requirements for education are different from the requirements for business, and there are other options that are not described here. What I wanted to say here is that you need to plan for this integration, and you need to make sure that your subscription and your license support the required protocols. Before you start this course, I suggest you go over these documents to understand these protocols more. First of all, we have this document, which is about the integration between ClearPass and cloud identity providers, including Google. This document includes different providers like Microsoft, Google, or Okta.
And it includes different options to integrate ClearPass Onboard with Google Cloud. When it comes to Google MDM, there is another document, or another link, for this integration. Google MDM is integrated as an endpoint context server, which means information from Google MDM will be synced down to the ClearPass endpoint database, and attributes in this endpoint database can be used in authorization or authentication services. If you want to know more about Google sync with Microsoft AD, this link may help, or maybe you need to verify the Google documentation for details. In my lab, I don't have anything between Google and Microsoft AD. I will consider the integration with Google as a separate cloud, and we'll do our scenarios based on that. Now let's talk about the lab setup and customer requirements. The lab setup I have is the following. I have an Instant AP at 192.168.0.80. It already broadcasts two SSIDs, secure and guest. I have my ClearPass 192.168.0.1.20 and my local AD. My ClearPass is already integrated with Instant, and it is already integrated with Active Directory. When it comes to wireless, I have two SSIDs. I have the secure SSID, and this one is mainly for PEAP against the local AD. It is used by students and by staff to connect to local resources. The rule is very basic. If it is a domain device, it will get full access; if it is a personal device, it will get Internet only. For the guest SSID, it has a captive portal and it authenticates guests against the guest user database. It has self-registration configured, and we may need to modify it a little bit for contractors to onboard their devices. The requirements are listed in this slide. We have two groups of users: contractors and students. Contractors use unmanaged devices, which means we cannot install any software on these devices and they cannot be managed by our organization. They should authenticate using a certificate, and once authenticated they will get the contractor role in Aruba Instant.
We need to verify the account in Google every time they connect to make sure that the account is still valid and still active. On the other side, students can use a personal device or a school-provided Chromebook. School-provided Chromebooks are managed by Google MDM, and if the students use the school Chromebook, they will get the student role in Aruba Instant. Otherwise, if they use their own personal device, they will get Internet only and they will not be able to access any internal resources in the school. In this video, we discussed the course agenda at a high level, and we discussed the Google services we will use in this course. We discussed the lab setup and customer requirements. In the next video, we will start configuring scenario one. Thank you for joining and see you in the next video.