Aruba ClearPass

Interact with Aruba ClearPass API

Actions34

Overview

This node integrates with the Aruba ClearPass API to manage guest user accounts within the "Identities" domain. Specifically, the "Create" operation for the "Guest Users" resource allows users to programmatically create new guest user accounts in ClearPass. This is useful in scenarios such as onboarding temporary network guests, managing visitor access, or automating account provisioning workflows.

Practical examples include:

Automatically creating guest Wi-Fi accounts for visitors at a corporate event.
Integrating with a visitor management system to provision network access upon check-in.
Automating sponsor-based guest account creation with specific roles and expiration times.

Properties

Name	Meaning
Domain	API domain to access. Options: Identities, Policy Elements, Enforcement Profile. For this operation, must be "Identities".
Username	The username of the guest account to create.
Password	Password for the guest account.
Role ID	Numeric ID of the role assigned to the guest account (default typically corresponds to a Guest role).
Sponsor Name	Name of the sponsor responsible for the guest account.
Sponsor Profile	Profile information of the sponsor.
Account State	Boolean indicating whether the account is enabled (true) or disabled (false).
Start Time	ISO 8601 formatted date-time string specifying when the account becomes active/enabled.
Expire Time	ISO 8601 formatted date-time string specifying when the account expires.
Additional Fields	Collection of optional fields to provide extra details about the guest account: - Email address - MAC address of guest device - Notes/comments - Number of simultaneous sessions allowed - Expiration action (disable, delete, etc.) - Sponsor email - Visitor's full name, company, phone - Custom JSON fields for any other data
Change of Authorization	Boolean flag indicating whether to update the network state using Disconnect-Request or Change of Authorization (CoA) Request when modifying the account.

Output

The node outputs an array of items where each item contains a json object representing the response from the ClearPass API after creating the guest user. This typically includes details of the created guest user account such as username, status, role assignment, timestamps, and any server-generated identifiers.

If the operation fails and "Continue on Fail" is enabled, the output will contain an error message inside the json.error field.

No binary data output is produced by this node.

Dependencies

Requires an API key credential configured in n8n to authenticate with the Aruba ClearPass API.
The node depends on the ClearPass API being accessible and properly configured to accept requests for guest user management.
Proper permissions are needed on the API key to perform guest user creation.

Troubleshooting

Common issues:
- Authentication failures due to invalid or missing API credentials.
- Validation errors if required fields like username, password, or sponsor details are missing or malformed.
- Role ID not existing or insufficient permissions to assign the specified role.
- Date/time fields not in correct ISO 8601 format causing API rejection.
- Network connectivity issues preventing API calls.
Error messages:
- Errors returned from the ClearPass API will be logged and can appear in the output if "Continue on Fail" is enabled.
- Typical error messages include authentication errors, validation failures, or permission denials.
Resolutions:
- Verify API credentials and permissions.
- Ensure all required fields are provided and correctly formatted.
- Confirm that the role ID exists and is valid.
- Check network connectivity and ClearPass API endpoint availability.

Links and References

Aruba ClearPass API Documentation (official): https://www.arubanetworks.com/techdocs/ClearPass/latest/API/
ClearPass Guest User Management Guide (for understanding guest user lifecycle and properties)
n8n Documentation on Credentials and HTTP Request nodes for API integration basics