The Unified Policy Authentication Manager (UPAM) is a unified access management platform for Stellar AP Series devices. UPAM supports both Captive Portal server and RADIUS server; and can be used to implement MAC authentication and Captive Portal authentication. User Profiles can be supported in the OmniVista database or on external servers. The following applications are used to configure and monitor the UPAM platform and are accessible by clicking on Network Access > UPAM-NAC under the “Configure” section of the OmniVista Cirrus Menu:
Access Policies - Displays information about configured UPAM Access Policies and is used to create, edit, and delete Access Policies. Access Policies define the mapping conditions for an authentication strategy. Through Access Policy configuration, an authentication strategy can be applied to different user groups, which can be divided by SSID or other attributes.
Guest Access - The UPAM Guest Access application is used to manage guest users accessing the network. Guest Access service is based on the captive portal authentication. The following screens are used to monitor and configure the Guest Access application:
Guest Access Strategy - Displays information about configured Guest Access Strategies and is used to configure access attributes for guest users.
Guest Accounts - Display all configured Guest accounts in the UPAM network and is used to create the login accounts for the Guest users. If self-registration is not enabled, you can manually create a login account for a guest user and relay the information to the guest user.
Guest Devices - Displays all authenticated online devices as well as all devices that were previously on the network and are stored in UPAM.
Self-Registration Requests - Displays a list of self-registration requests from Guest users and is used to review, approve or reject self-registration requests.
Guest Operators - Displays a list of Guest Operators and is used to configure the Guest Operators in the UPAM network. A Guest Operator is a network operator who manages the guest user network access.
BYOD Access Strategy - Displays information about configured BYOD Access Strategies to configure access attributes for BYOD users. The screen can be used to create, edit, and delete BYOD Access Strategies. The UPAM BYOD Access application is used to manage employee BYOD devices. BYOD service is based on Captive Portal authentication.
NAS Clients - Displays information about configured NAS Clients and is used to create, edit, and delete NAS Clients. NAS acts as a gateway to guard access to a network resource. A client connects to the NAS, and the NAS then connects to an AAA Server to determine whether or not the client’s supplied credentials are valid. The NAS then allows or denies access to the network resource. The network device in the infrastructure attaching with wireless clients will act as a NAS client, communicating to UPAM which acts as a AAA Server.
Role Mapping for On-Premises LDAP - Displays information about configured mappings and is used to create, edit, and delete mappings. The Role Mapping for On-Premises LDAP screen allows you to assign different Access Role Profiles and Policy Lists to different sub-user groups by creating mapping rules based on user attributes. For example, you could assign a Premium Access Role Profile with larger bandwidth to the VIP group in LDAP.
Captive Portal Templates - Displays all configured Captive Portal templates and is used to create, edit, and delete Captive Portal templates. A Captive Portal template defines the login page that is presented to the user for Guest and BYOD login.
Certificates - Displays information about UPAM RADIUS Server certificates and RadSec client certificates. The Certificates screen is also used to add, download, and delete certificates in the UPAM RADIUS Server for 802.1X or TLS authentication.
Additional Trust CA - Displays information about all RADIUS Trust CAs and RadSec Trust CAs in the UPAM Trust RADIUS Store. This screen is also used to add, download, and delete Trust CAs for client authentication.
External RADIUS Server - Displays information about External RADIUS Servers that are configured for UPAM to use for authentication. The External RADIUS Server screen can be used to create, edit, and delete external RADIUS servers.
Email & SMS - The SMS and Email for Guest Access Strategy screen lists the pre-defined content templates used for SMS text messages and Emails sent from OmniVista Cirrus. Emails/messages are sent during certain user-interactions, such as self-registration or the user forgot their password.