When Aruba ClearPass Policy Manager (CPPM) is integrated with Aruba Central for Device Insight, the tags assigned in Central are automatically synchronized to the CPPM Endpoints Repository as an attribute of the endpoint. To use these tags for policy decisions, you create a rule condition of the type "Endpoint" and select the "Tags" attribute. The Endpoints Repository is an implicit authorization source for all services, so it is not necessary to explicitly add it to the service's authorization sources list for this functionality to work.

A: This describes a manual, non-standard method. The native integration synchronizes tags automatically, eliminating the need to create a separate HTTP authentication source to query the API for tags.

B: The "Application" type is incorrect. This type is used for conditions related to application-level attributes (e.g., from OnGuard), not device-level tags from Device Insight.

C: The rule type is "Endpoint," not "Endpoints Repository." Furthermore, the Endpoints Repository is an authorization source, not an authentication source, and it is used by default.

1. Aruba Central and ClearPass Integration Guide: In the section "Using Tags in Enforcement Profiles

" the guide explicitly shows the procedure for creating enforcement policy rules based on tags. It demonstrates creating a rule with Type: Endpoint

Name: Tags

and an appropriate operator. This confirms that "Endpoint" is the correct type and that the process is direct

without requiring additional authorization sources. (Refer to the configuration examples for "Creating an Enforcement Policy" within the guide).

2. ClearPass Policy Manager 6.11 User Guide: In the chapter on "Configuring Enforcement Policies

" the process of adding rules is detailed. The "Type" dropdown menu for a rule condition includes "Endpoint

" which allows access to all attributes stored for a device in the Endpoints Repository

including synchronized tags from Device Insight. The guide clarifies that the Endpoints Repository is a built-in authorization source. (Refer to the section "Adding and Modifying Rules for an Enforcement Policy").