Portnox Cloud 3

Questions and Answers

When integrating Portnox Cloud with Microsoft Entra ID, which of the following steps is crucial for ensuring seamless user authentication and authorization?

• Granting Portnox Cloud application the necessary permissions to access user and group information in Entra ID. (correct)
• Disabling multi-factor authentication within Entra ID to simplify the integration process.
• Bypassing Entra ID conditional access policies to allow all devices unrestricted access.
• Configuring Entra ID to exclusively use on-premises Active Directory for authentication.

When using local RADIUS servers with Portnox Cloud, the cloud service directly handles all authentication requests, while the local server primarily serves as a backup in case of connectivity issues.

False (B)

In a scenario where a device fails to onboard to Portnox Cloud using certificates, what is a critical troubleshooting step to verify that the certificate is trusted by the device?

Ensure the certificate's root CA is trusted by the device.

To ensure secure communication between Portnox Cloud and a local Active Directory instance, the Portnox Active Directory Broker (AD Broker) establishes a(n) _______ connection, which encrypts the data transmitted between the cloud and the on-premises environment.

encrypted

Match the following Portnox Cloud features with their primary function:

RADIUS CoA = Allows dynamic changes to user access policies without requiring re-authentication. TACACS+ = Provides centralized authentication, authorization, and accounting for network devices. Self-Onboarding Portal = Enables users to easily connect their devices to the network with minimal IT intervention. Monitoring Mode = Facilitates risk-free device onboarding by observing network behavior before enforcing policies.

When configuring a guest Wi-Fi network with Portnox Cloud, which of the following methods provides the most secure approach for granting temporary network access to visitors?

Implementing a captive portal with unique, time-limited credentials generated for each guest. (D)

The primary purpose of the Portnox Cloud reporting service is to provide real-time monitoring of network traffic and immediate alerts for security incidents.

False (B)

What specific type of information should be included in SIEM alerts from Portnox Cloud to effectively correlate network access events with other security data?

Usernames, IP addresses, event timestamps, and policy names.

In the context of Portnox Cloud, the term 'site' refers to a logical or physical location where network access policies are consistently _______, allowing for granular control based on geographic or organizational boundaries.

enforced

Match the following integration partners with their primary role in enhancing Portnox Cloud's capabilities:

Microsoft Intune = Provides device compliance and health information for conditional access policies. Jamf = Offers macOS device management and inventory data for informed access decisions. Absolute Secure Endpoint = Delivers device security and risk assessment data for enhanced policy enforcement. SIEM Platforms = Aggregates security logs and events for threat detection and incident response.

When deploying the Portnox Cloud local TACACS+ server using Docker containers, which configuration aspect is most critical for ensuring persistent data storage and preventing data loss during container restarts?

Configuring a persistent volume to store the TACACS+ server's configuration and logs. (B)

Enabling the RADIUS Change of Authorization (CoA) feature in Portnox Cloud requires no specific configuration on the network access devices (NAS) beyond pointing them to the Portnox Cloud RADIUS servers.

False (B)

What is the most effective preventive measure to avoid service outages when integrating Portnox Cloud with a local Active Directory environment?

Implementing redundant AD Brokers in different network segments.

In a BYOD environment managed by Portnox Cloud, configuring _________ policies can ensure that devices meet minimum security standards before being granted access to corporate resources.

posture

Match the following EAP methods with their primary security characteristics:

EAP-TLS = Requires client-side and server-side certificates for mutual authentication, providing strong security. EAP-TTLS = Establishes a TLS-encrypted tunnel for secure transmission of credentials, supporting various inner authentication methods. PEAP = Uses a TLS tunnel to protect the authentication process, commonly used with MS-CHAPv2. EAP-FAST = Employs a Protected Access Credential (PAC) for faster re-authentication, developed by Cisco.

When designing an access control policy in Portnox Cloud, what is the most effective strategy to minimize the risk of privilege escalation?

Implementing the principle of least privilege, ensuring users only have the minimum necessary access rights. (B)

The Portnox Cloud REST API can only be used to retrieve information about network devices and user accounts, but not to make configuration changes or enforce policies.

False (B)

Besides username and password, what additional factor can be incorporated into TACACS+ authentication in Portnox Cloud to enhance network device access security?

Device IP address or network location.

To maintain high availability of Portnox Cloud services, it is recommended to configure _______ across multiple geographic regions, ensuring business continuity in case of a regional outage.

redundancy

Match the following Portnox Cloud troubleshooting tools with their primary use case:

AAA Logs = Diagnose authentication, authorization, and accounting issues by reviewing detailed access logs. Alerts = Identify and respond to potential security incidents and network anomalies in real-time. Reporting Service = Analyze historical data to identify trends, assess policy effectiveness, and generate compliance reports. Monitoring Mode = Safely test and validate new network configurations without disrupting existing services.

When configuring Ethernet devices (NAS switches) to work with Portnox Cloud RADIUS servers, which setting is crucial to prevent unauthorized devices from gaining network access?

Enabling port security and limiting the number of MAC addresses allowed per port. (C)

In Portnox Cloud, device retention periods are fixed and cannot be customized based on the organization's specific compliance or data retention policies.

False (B)

What is a critical security measure to implement when integrating Portnox Cloud with OpenLDAP to protect against LDAP injection attacks?

Input validation and sanitization.

To ensure secure communication between the Portnox Active Directory Broker and the domain controllers, it is recommended to use _______ encryption for all LDAP traffic.

LDAPS

Match the following Portnox Cloud onboarding methods with their appropriate use case scenarios:

Credentials-based Onboarding = Suitable for environments where users have existing domain credentials and require minimal configuration. Certificates-based Onboarding = Ideal for high-security environments requiring strong authentication and device identity verification. AgentP-based Onboarding = Useful for organizations needing comprehensive endpoint visibility and control during the onboarding process. MAC Address-based Onboarding = Appropriate for scenarios involving headless devices or devices with limited user interaction capabilities.

When configuring a captive portal for a guest network in Portnox Cloud, which of the following settings is most effective at preventing abuse while ensuring a positive user experience?

Implementing strict bandwidth quotas and time limits for guest sessions. (D)

To improve the performance of local RADIUS servers integrated with Portnox Cloud, it is recommended to disable all caching mechanisms and rely solely on real-time authentication requests from the cloud.

False (B)

What specific type of DNS record is typically required to enable seamless integration between Portnox Cloud and a third-party SIEM platform?

A CNAME record pointing to the SIEM platform's ingestion endpoint.

In a Zero Trust environment managed by Portnox Cloud, continuous _______ assessment is crucial to ensure that devices and users maintain a secure posture throughout their network session.

risk

Match the following Portnox Cloud security principles with their practical implications:

Least Privilege = Granting users only the minimum necessary access rights to perform their job functions. Defense in Depth = Implementing multiple layers of security controls to protect against various attack vectors. Zero Trust = Assuming that no user or device is inherently trustworthy and requiring continuous verification. Separation of Duties = Dividing critical tasks among multiple individuals to prevent any single person from compromising the system.

When configuring the Portnox Active Directory Broker, which of the following settings is critical for minimizing the attack surface and preventing unauthorized access to the Active Directory domain?

Limiting the AD Broker account to the minimum necessary permissions required for querying and validating user information. (C)

Portnox Cloud's monitoring mode is designed to completely block all non-compliant devices from accessing the network, ensuring that only fully compliant devices are allowed to connect.

False (B)

What is the primary benefit of integrating Portnox Cloud with endpoint management solutions like Microsoft Intune or Jamf for device onboarding?

Automated device enrollment and compliance checks.

To centrally manage authentication, authorization, and accounting for network devices such as routers and switches, Portnox Cloud leverages the _______ protocol.

TACACS+

Match the following concepts with their corresponding descriptions in the context of Portnox Cloud:

Account = Represents a user or device that requires network access. Group = A collection of accounts that share common access policies. Policy = A set of rules that define the level of network access granted to accounts or groups. Site = A logical or physical location where specific network access policies are enforced.

When a user reports issues accessing network resources after being onboarded to Portnox Cloud, what is the most efficient first step for troubleshooting the problem?

Checking the user's account status and policy assignments in Portnox Cloud. (C)

To ensure maximum security, Portnox Cloud always modifies the source code of integrated third-party applications to enforce conditional access policies.

False (B)

What is the most effective method to prevent unauthorized access to Portnox Cloud administrator accounts?

Enforcing multi-factor authentication (MFA).

To ensure that devices connecting to a guest network are protected from malicious content, Portnox Cloud can be configured to integrate with _______ filtering services.

web

Match each term related to TACACS+ with its definition.

Authentication = Verifying the identity of the user or device requesting network access. Authorization = Determining what level of access a user or device is permitted after authentication. Accounting = Tracking and logging the network activities of users and devices for auditing and reporting purposes. NAS = Stands for Network Access Server, controls the point of entry to the network.

Which of the following represents the MOST comprehensive method for onboarding devices to Portnox™ Cloud, offering flexibility and integration capabilities?

Leveraging endpoint management solutions (e.g., Intune) for automated onboarding (C)

Integrating Portnox™ Cloud with a SIEM platform primarily aims to enhance network access control by providing real-time threat intelligence and automated incident response.

False (B)

Describe a scenario where using a local RADIUS server in conjunction with Portnox™ Cloud would be advantageous compared to relying solely on cloud RADIUS servers.

When low latency and high availability are critical, or when dealing with legacy devices that may not fully support cloud-based authentication protocols.

To enable dynamic access policy changes within Portnox™ Cloud, it is essential to configure the __________ feature, allowing the system to send real-time updates to network access devices.

RADIUS Change of Authorization

Match each Portnox™ Cloud integration with its primary function:

Microsoft Entra ID = Centralized user authentication and directory services Microsoft Intune = Endpoint management and device compliance SIEM Platform = Security event monitoring and incident analysis Absolute Secure Endpoint = Advanced endpoint data and device security for risk assessment

What is the MOST significant difference between cloud RADIUS and local RADIUS servers in Portnox Cloud?

Cloud RADIUS servers are hosted and maintained by Portnox, while local RADIUS servers are deployed and managed by the organization. (D)

The primary purpose of the Portnox™ Active Directory Broker (AD Broker) is to provide single sign-on (SSO) capabilities for cloud applications.

False (B)

Explain the role of policies within Portnox™ Cloud and how they contribute to network access control.

Policies define the rules and criteria for granting or denying network access based on user identity, device posture, and other contextual factors. They ensure consistent enforcement of security standards across the network.

When configuring a guest Wi-Fi network in Portnox™ Cloud, the use of a __________ is essential for providing secure and controlled access to visitors.

captive portal

Match each onboarding method with its primary use case or characteristic:

Credentials-based onboarding = Suitable for users with existing network accounts and passwords Certificate-based onboarding = Offers enhanced security through digital certificates and automated enrollment AgentP onboarding = Provides comprehensive device posture assessment and remediation capabilities MAC address-based onboarding = Useful for devices that do not support traditional authentication methods

Which integration would BEST facilitate enforcing compliance policies by basing network access on device health and software versions?

Microsoft Intune (A)

Configuring sites in Portnox™ Cloud is primarily intended for managing user roles and permissions within different departments of an organization.

False (B)

Describe the factors that should be considered when deciding between using a virtual machine and a Docker container for deploying a local TACACS+ server with Portnox™ Cloud.

Resource isolation, deployment speed, scalability, and existing infrastructure should inform the decision. VMs offer strong isolation, while containers provide faster deployment and higher density.

To troubleshoot connectivity issues between Portnox™ Cloud and a local Active Directory instance, administrators should focus on examining the logs and configurations of the __________.

Portnox Active Directory Broker

Match each type of network access device (NAS) with the appropriate configuration considerations for integration with Portnox™ Cloud:

Ethernet switches = VLAN assignments and port-based authentication settings Wireless access points = SSID configuration, authentication protocol (e.g., 802.1X), and captive portal integration VPN gateways = RADIUS authentication settings, tunnel configuration, and IP address management Firewalls = Access control rules, authentication policies, and log forwarding

Which of the following best describes the function of Portnox Cloud's Remote Private Access (RPA)?

Providing secure remote access to internal applications without a VPN (D)

The primary benefit of integrating Portnox™ Cloud with Jamf is to enable mobile device management (MDM) capabilities within the Portnox™ Cloud platform.

False (B)

Explain how configuring preventive measures in Portnox™ Cloud can reduce the risk of service outages or security incidents.

By proactively monitoring system health, implementing redundancy, and establishing alerting thresholds, potential issues can be identified and addressed before they escalate into major disruptions.

The __________ feature in Portnox™ Cloud allows administrators to safely onboard devices without enforcing access policies, ensuring minimal disruption to existing network operations.

monitoring mode

Match each troubleshooting area with the appropriate log sources or diagnostic tools within Portnox™ Cloud:

Onboarding failures = Device registration logs and onboarding portal activity RADIUS connectivity issues = Authentication logs and RADIUS server status Active Directory Broker problems = AD Broker logs and communication status Guest network access = Captive portal logs and authentication events

Which security principle is MOST directly addressed by the device retention periods in Portnox Cloud?

Data Minimization (D)

All EAP methods offer the same level of security, and the choice of which one to use depends primarily on the ease of configuration and compatibility with the client devices.

False (B)

Explain how you would utilize the Portnox Cloud REST API to automate the process of creating and managing network access policies.

By using the API endpoints for policy creation, modification, and deletion, policies can be dynamically managed based on external triggers or scheduled events, streamlining policy management and deployment.

The Portnox Cloud __________ service allows administrators to download or schedule reports on network access activity, security events, and system performance.

reporting

Match each certificate type with its primary purpose within Portnox™ Cloud:

TLS certificates = Securing communication between Portnox™ Cloud components and external services. Client certificates = Authenticating devices and users. Root certificates = Establishing trust in the certificate chain.

What is a key architectural advantage of using Local TACACS+ Server?

Provides faster response times due to proximity to network devices. (A)

TACACS+ protocol primarily focuses on securing wireless network connections.

False (B)

Define 'Conditional Access for Applications' (CAA) and explain how it strengthens security.

CAA restricts access to applications based on contextual factors like user identity, device health, and location, enhancing security by ensuring only authorized users and devices can access sensitive resources.

To effectively configure Portnox Cloud with devices like switches and firewalls for AAA services, one must properly set up __________ servers to handle authentication, authorization, and accounting processes.

RADIUS

Match each term with its correct definition within the Portnox Cloud context:

Account = A unique user or entity in the system. Group = A collection of accounts. Policy = Rules that dictate network access based on defined criteria. Site = A physical location or segment managed within Portnox Cloud.

What considerations are most important when deciding between local and cloud deployment options?

Performance, compliance, and existing infrastructure. (C)

The CLEAR platform name was changed to Portnox Cloud primarily to indicate a shift towards offering only cloud-based services, discontinuing any on-premises solutions.

False (B)

How does integrating Portnox Cloud with security information and event management (SIEM) platforms improve an organization's cybersecurity posture?

Integrating with SIEM platforms boosts cybersecurity by centralizing alerts, providing better threat visibility, and enabling more effective incident responses.

When integrating Portnox™ Cloud with Microsoft Intune, __________ __________ __________ should be configured in Intune to allow Portnox™ Cloud to assess device compliance posture.

Conditional Access policies

Match each component of the Portnox architecture with its respective function:

Onboarding Portal = Facilitates device enrollment and configuration. Policy Engine = Applies access control rules based on user and device context. Authentication Service = Verifies user identities using various authentication repositories. Reporting Service = Generates insights and reports on network access activity.

Which of the following describes the most effective strategy for configuring NAS devices to enforce security policies?

Standardize RADIUS configurations across all NAS devices, aligning with the Portnox Cloud security policies. (C)

AAA logs are primarily used for real-time intrusion detection and immediate threat response.

False (B)

Explain how you would set up network segmentation using Portnox Cloud to isolate a guest Wi-Fi network from the corporate network.

To isolate a guest Wi-Fi network, create a separate VLAN for the guest network, configure a dedicated site in Portnox Cloud, apply restrictive access policies, and enable captive portal authentication.

The Portnox™ Cloud solution can integrate with a local Active Directory (AD) instance using the __________ __________ __________ software, enabling authentication and authorization based on existing AD credentials.

Portnox Active Directory Broker

Associate appropriate actions to corresponding alerts

Failed login attempts = Investigate for potential brute-force attacks Device compliance violations = Quarantine the device Unauthorized access attempts = Block suspicious connections Certificate expiration = Renew certificates

When integrating Portnox Cloud with Google Workspace, which configuration element is essential for ensuring that user authentication requests are accurately routed and processed?

Creating a service account with domain-wide delegation in Google Workspace to grant Portnox Cloud access to user directory information. (C)

In the context of Portnox Cloud, how does the implementation of 'sites' enhance network access control for organizations with geographically dispersed locations?

By allowing the creation of location-specific policies that consider unique security requirements and compliance mandates. (B)

When deploying a local TACACS+ server for Portnox Cloud using Docker containers, which strategy is MOST effective for maintaining service availability during host system maintenance?

Utilizing Docker Swarm or Kubernetes to orchestrate multiple TACACS+ containers across different host machines for automatic failover. (D)

When using the Portnox Cloud REST API to automate network access policy updates, what is a critical consideration for ensuring that changes are applied without disrupting existing network operations?

Implementing a rollback mechanism that automatically reverts changes if any errors are detected during the update process. (A)

In a scenario where devices are onboarded to Portnox Cloud using certificates, what is the MOST secure method for managing certificate revocation to prevent unauthorized access?

Publishing a Certificate Revocation List (CRL) and configuring Portnox Cloud to regularly check the CRL for revoked certificates. (D)

When integrating Portnox Cloud with a Security Information and Event Management (SIEM) system, which configuration ensures the MOST effective correlation of network access events with other security data?

Using a custom alert format that includes detailed user, device, and access context information in a standardized format. (D)

To enhance the security of the Portnox Active Directory Broker (AD Broker), what measures should an administrator take to protect against potential man-in-the-middle attacks during communication with domain controllers?

Enforcing mutual authentication using certificates between the AD Broker and domain controllers, ensuring both parties are verified. (D)

What is the MOST effective approach to mitigate the risk of unauthorized access when configuring a guest Wi-Fi network with a captive portal in Portnox Cloud?

Requiring guests to authenticate using SMS-based one-time passcodes (OTPs) and enforcing a strict data usage policy. (D)

When integrating Portnox Cloud with Microsoft Intune for device compliance assessment, which configuration step is critical for ensuring that only devices meeting specific compliance criteria are granted network access?

Creating a Conditional Access policy in Intune that requires devices to be compliant before granting access to cloud applications. (C)

To ensure high availability and redundancy of RADIUS services in Portnox Cloud, what is the recommended deployment strategy for local RADIUS servers?

Configuring multiple local RADIUS servers in different geographic locations and using a load balancer to distribute authentication requests. (A)

In a complex network environment utilizing both cloud and local RADIUS servers with Portnox Cloud, what is the MOST effective method for prioritizing authentication requests to minimize latency and optimize performance?

Implementing a RADIUS proxy server that directs authentication requests to the nearest available server based on geographic location. (A)

Considering the security principles of Portnox Cloud, how does the platform's architecture address the principle of least privilege in the context of administrator access?

By enforcing granular role-based access control (RBAC) that restricts administrator access to only the resources and functions necessary for their specific tasks. (A)

When configuring 802.1X authentication with Portnox Cloud, which Extensible Authentication Protocol (EAP) method provides the strongest protection against man-in-the-middle attacks and credential theft, especially in untrusted network environments?

EAP-TLS, as it requires client-side certificates for mutual authentication, verifying both the client and the server. (C)

To effectively utilize the Portnox Cloud monitoring mode for a large-scale network, what is the MOST critical factor in ensuring a smooth transition to full policy enforcement?

Analyzing the data collected during the monitoring period to identify non-compliant devices and create targeted remediation policies. (C)

When integrating Portnox Cloud with Absolute Secure Endpoint, what is the MOST effective approach for leveraging device security information to enhance risk assessment policies?

Using the device security data from Absolute to dynamically adjust network access policies based on real-time risk assessments. (D)

What is the MOST critical consideration when configuring Network Access Devices (NADs) to access the Portnox Cloud TACACS+ server to ensure secure and reliable authentication, authorization, and accounting?

Implementing IP address-based access lists on the TACACS+ server to restrict connections to only authorized NADs and configuring strong, unique shared secrets per device. (A)

In a scenario where users report intermittent connectivity issues after being onboarded to Portnox Cloud, what is the MOST effective initial troubleshooting step to identify the root cause?

Examining the AAA logs in Portnox Cloud to determine if authentication and authorization requests are being processed correctly and to identify any errors or failures. (C)

How does Portnox Cloud ensure the availability and reliability of its cloud services in the event of a regional outage affecting its primary data center?

By replicating its services and data across multiple geographically diverse data centers and automatically failing over to a secondary data center in case of an outage. (D)

Given the device retention periods in Portnox Cloud, what strategy BEST balances compliance requirements with efficient database management?

Customizing retention periods based on device criticality and applicable regulations, while archiving older data to a separate storage solution. (C)

When configuring the self-onboarding portal in Portnox Cloud, which security measure is MOST effective in preventing unauthorized device registrations and ensuring only legitimate users can onboard their devices?

Requiring multi-factor authentication (MFA) for all users attempting to access the self-onboarding portal and integrating with an existing identity provider for authentication. (B)

Flashcards

RADIUS

RADIUS is used for network authentication and network access control. Portnox Cloud can be used for RADIUS network authentication and network access control.

TACACS+

TACACS+ is a protocol providing AAA (Authentication, Authorization, and Accounting) services. Portnox Cloud can be configured to use TACACS+.

CAA

CAA in Portnox Cloud refers to Conditional Access for Applications, a service that controls application access based on specified conditions.

RPA

RPA in Portnox Cloud refers to Remote Private Access, a service that allows secure remote access to private resources.

Portnox Cloud Trial

A 30-day trial of Portnox Cloud can be started by creating a Portnox ID creating a tenant with access to all the Portnox Cloud functions.

Cloud RADIUS Servers

Cloud RADIUS servers are created within the Portnox Cloud platform and are used for network authentication.

Microsoft Entra ID Integration

Portnox Cloud can be integrated with Microsoft Entra ID for user and group management and authentication.

Google Workspace Integration

Portnox Cloud can be integrated with Google Workspace for user and group management and authentication.

Okta Integration

Portnox Cloud can be integrated with Okta Workforce Identity Cloud for identity and access management.

AD Broker

The Portnox Active Directory Broker (AD Broker) allows Portnox Cloud to integrate with a local Active Directory for authentication and authorization.

Accounts, Groups, Policies, Sites

Accounts represent users or devices, groups are collections of accounts, policies define access rules, and sites represent physical locations in Portnox Cloud.

Onboarding

Onboarding in Portnox Cloud refers to the process of enrolling devices into the network for management and security.

Onboarding Methods

Devices can be onboarded using credentials, certificates, AgentP, MAC addresses, or endpoint management solutions.

SIEM Integration

Portnox Cloud can integrate with SIEM platforms to provide security event information and enhance threat detection.

TACACS+ Service

The Portnox Cloud TACACS+ service provides AAA services for network devices.

Alerts

Alerts in Portnox Cloud provide notifications about important events and potential security issues.

AAA Logs

AAA logs in Portnox Cloud record authentication, authorization, and accounting activities for troubleshooting and auditing.

Reporting Service

The Portnox Cloud reporting service allows users to download or schedule various types of reports for analysis and compliance.

Monitoring Mode

Monitoring mode allows safe onboarding of devices without risking loss of network access.

Certificates

Portnox Cloud uses various types of certificates to secure communications.

EAP Methods

EAP methods are used by Portnox Cloud, authentication repositories, and operating systems for secure authentication.

REST API

The Portnox Cloud REST API allows programmatic access to Portnox Cloud functions for automation and integration.

Local RADIUS Server Software

Portnox local RADIUS server is software that works together with Portnox™ Cloud.

Local TACACS+ Server Software

Portnox local TACACS+ server software that works together with Portnox™ Cloud.

CLEAR to Cloud Name Change

A transition from Portnox CLEAR to Portnox Cloud, involving changes that users should be aware of.

Cloud RADIUS

A type of RADIUS server that exists within the Portnox Cloud infrastructure, as opposed to on-premise.

RADIUS Change of Authorization

Allows Portnox Cloud to send RADIUS Change of Authorization packets to network access devices when access policies change.

Local RADIUS Server

A local installation of the RADIUS server software by Portnox, that operates in conjunction with the Portnox Cloud platform.

Active Directory Broker

Software allowing Portnox™ Cloud to integrate with a local Active Directory (AD) instance.

Sites

A physical location managed by Portnox Cloud, such as an office or branch.

Guest Access

A temporary network access option for visitors, configured within Portnox Cloud.

Onboarding with Credentials

Using usernames and passwords to enroll devices into Portnox™ Cloud for management and security.

Onboarding with Certificates

Using digital certificates to securely enroll devices into Portnox™ Cloud for management and security.

Onboarding with MAC Addresses

Using MAC addresses to enroll devices into Portnox Cloud, often manually.

Troubleshooting AgentP

Software to troubleshoot problems with the installation and operation of the Portnox™ AgentP.

Portnox Cloud Security

Security principles and architectural implementation designed to guarantee data protection and secure network access.

Cloud Service Availability

The assurance that the Portnox Cloud service is consistently operational and reliable.

Device Retention Period

How long device information is stored within Portnox Cloud.

Local TACACS+ Server

Software allowing Portnox™ Cloud local TACACS+ server.

RADIUS/NAC Setup

Steps to configure Portnox Cloud for RADIUS network authentication and network access control.

TACACS+ Service Configuration

Steps for setting up and running TACACS+ service in Portnox Cloud.

CAA Setup Steps

Steps for setting up Conditional Access for Applications in Portnox Cloud.

RPA Configuration

Steps to configure Portnox Cloud for Remote Private Access.

Portnox Cloud Basics

Basic concepts and architecture of Portnox Cloud.

Portnox Cloud Sign-Up

How to sign up for a 30-day trial of Portnox Cloud by creating a Portnox ID, which creates your Portnox Cloud tenant with access to all functions.

Portnox Cloud Login

Logging into Portnox Cloud using Portnox ID or a web login provider.

Admin Account Management

How to manage administrator accounts in Portnox Cloud.

Organization Data Management

How to manage organization data within Portnox Cloud.

Local RADIUS VM Setup

Installing and running local RADIUS servers with Portnox Cloud using virtual machines.

Local RADIUS Docker Deployment

Deploying the Portnox Cloud local RADIUS server using Docker containers.

Ethernet Device Configuration

Configuring Ethernet devices to connect to Portnox Cloud RADIUS servers and provide AAA services.

Wireless Device Configuration

Configuring wireless devices to connect to Portnox Cloud RADIUS servers and provide AAA services.

Microsoft Intune Integration

Integrate Portnox Cloud with Microsoft Intune.

Local TACACS+ on VMs

How to install and run Local TACACS+ servers that work together with Portnox™ Cloud using virtual machines.

Local TACACS+ in containers

How to deploy the Portnox™ Cloud local TACACS+ server using Docker containers.

NAS TACACS+ Configuration

Configure your NAS devices to access the Portnox™ Cloud local TACACS+ server.

Troubleshooting Local Instances

Learn how to troubleshoot problems with the operation of the local RADIUS/TACACS+ instances.

Troubleshooting Docker

Learn how to troubleshoot problems with the operation of Portnox Docker containers for various services.

Troubleshooting CAA

Learn how to troubleshoot problems with Portnox Conditional Access to Applications.

Study Notes

Quick Start Guides

• RADIUS/NAC guides users through the initial steps for network authentication and access control.
• TACACS+ guides users through the steps to configure and run the TACACS+ service.
• CAA guides users through the configuration of the Conditional Access for Applications service.
• RPA guides users through the configuration of the Remote Private Access (RPA) service.

General Information

• Portnox Cloud introduces the basic concepts and architecture.
• Name Change: CLEAR → Cloud covers the implications of the name change from Portnox CLEAR to Portnox Cloud.

Account Management

• Sign Up details the process for signing up for a 30-day trial by creating a Portnox ID and setting up a tenant, which grants access to all functions.
• Log In explains how to access Portnox Cloud using Portnox ID or a web login provider.
• Admin Account contains instructions for managing your administrator account.
• Organization Data details the management of organization data within Portnox Cloud.
• Other Admin Accounts describes the management of other administrator accounts.

RADIUS Server Configuration

• RADIUS Servers differentiates between cloud and local RADIUS servers.
• Local RADIUS Server (VM) explains how to install and run local RADIUS servers using virtual machines to work with Portnox Cloud.
• Local RADIUS Server (Container) details the deployment of the local RADIUS server using Docker containers.
• RADIUS CoA describes setting up the environment for Portnox Cloud to send RADIUS Change of Authorization (CoA) packets to NAS devices when access policies are changed.
• Cloud RADIUS Servers contains instructions for creating cloud RADIUS servers.

Integration Guides

• Microsoft Entra ID details the integration with Microsoft Entra ID (Azure Active Directory).
• Google Workspace guides the integration with Google Workspace.
• Okta describes the integration with Okta Workforce Identity Cloud.
• Active Directory explains the integration with a local Active Directory instance via the Active Directory Broker (AD Broker).
• OpenLDAP outlines the integration with a local OpenLDAP instance.

Core Concepts

• Accounts, Groups, Policies, & Sites defines these key terms.

Configuration Guides

• Groups provides information on configuring groups.
• Accounts provides information on configuring accounts.
• Policies provides information on configuring policies.
• Sites provides information on configuring sites.
• Guest Access details the configuration of a guest Wi-Fi network.

NAS Device Configuration

• Ethernet Devices provides instructions for configuring Ethernet-based NAS devices to use RADIUS servers for AAA services.
• Wireless Devices provides instructions for configuring wireless NAS devices.
• Wireless Captive Portals details configuration of captive portals on wireless NAS devices for the guest network.
• VPNs and Other Devices explains configuring generic VPN devices for 802.1X RADIUS authentication, applicable to other NAS devices.

Onboarding

• Onboarding Overview explains the concept of onboarding.
• Self-Onboarding Portal details setting up the self-onboarding portal for users.
• Onboarding with Credentials guides device onboarding using credentials.
• Onboarding with Certificates guides device onboarding using certificates.
• Onboarding with AgentP guides device onboarding using AgentP.
• Onboarding with MAC Addresses guides device onboarding using MAC addresses.
• Onboarding via Endpoint Management details onboarding using endpoint management solutions.

SIEM Integration

• SIEM Platforms covers integrating with various Security Information and Event Management (SIEM) platforms.

Endpoint Management Integration

• Microsoft Intune details integration between Portnox Cloud and Microsoft Intune.
• Jamf details integration between Portnox Cloud and Jamf.
• Absolute Secure Endpoint integrates with Absolute Secure Endpoint for device security data used in risk assessment policies.

TACACS+ Service

• TACACS+ Service explains how the TACACS+ service functions.
• Local TACACS+ Server (VM) details installing and running local TACACS+ servers using virtual machines.
• Local TACACS+ Server (Container) details deploying the local TACACS+ server using Docker containers.
• NAS Device Configuration provides tips for configuring NAS devices to access the local TACACS+ server.

Troubleshooting

• Alerts defines alerts and their uses.
• AAA Logs defines AAA logs and their uses.
• Reporting Service explains how to use the reporting service to download/schedule reports.
• Preventive/Reactive Measures outlines preventing and reacting to service outages.
• Monitoring Mode details using monitoring mode for safe device onboarding.
• Onboarding assists with troubleshooting device onboarding issues.
• RADIUS Connectivity assists with troubleshooting RADIUS server connectivity.
• AD Broker helps troubleshoot the Active Directory Broker.
• AgentP helps troubleshoot AgentP.
• Local RADIUS/TACACS+ Instances assists with troubleshooting local RADIUS/TACACS+ instances.
• Docker Containers assists with troubleshooting Docker containers.
• Guest Network assists with troubleshooting the guest network and captive portal.
• Integrations helps troubleshoot integrations with authentication repositories and endpoint management solutions.
• Conditional Access for Applications assists with troubleshooting Conditional Access to Applications.

Security

• Security Principles overviews security principles.
• Availability & Reliability provides details on the availability and reliability of services.
• Device Retention defines device retention periods.
• Certificates lists certificate types.
• EAP Methods lists EAP methods and their security.
• Alert Format/Content details alert information sent to integrated SIEM solutions and its format.

API

• REST API introduces the REST API.

Component Information

• AD Broker describes the Active Directory Broker (AD Broker).
• Local RADIUS describes the local RADIUS server software.
• Local TACACS+ describes the local TACACS+ server software.

Additional Resources

• Other Integrations provides links to documentation for other integrations.
• Support Portal provides access to the knowledge base and support ticket management.
• Contact Support lists the email address for opening support tickets.
• Status Updates provides information on monitoring the status of services.
• Changelog lists major documentation changes from January 2024 onward.