Juniper Mist Access Assurance Datasheet

Most importantly, Access Assurance provides end-to-end connectivity troubleshooting in a unified view from the client, network infrastructure, and access control perspective, dramatically simplifying Day 2 support. IT admins gain a cohesive view of the end user experience and can determine whether poor experiences are due to client configuration, network infrastructure, authentication, or a service.

Access Assurance is delivered through Juniper Mist cloud and powered by Mist AI. The microservices architecture ties together high availability, redundancy, and autoscaling for optimal network access across wired, Wi-Fi, and wide area networks. Using geo-awareness, Access Assurance automatically redirects authentication requests from different regions to the nearest Access Assurance instance to provide minimal latency and the best end user experience.

Access Assurance provides an authentication service by integrating external directory services, like Google Workspace, Microsoft Azure AD, Okta Identity, and others. It also integrates external Public Key Infrastructure (PKI) and Mobile Device Management (MDM) providers, such as Jamf, Microsoft Intune, and others, to provide granular user and device identification to enforce identity-based, Zero Trust network access control.

Access Assurance provides a unified view of the client connectivity experience and can easily identify a problem and perform root cause analysis. All client events, including connection and authentication successes and failures, are captured by Juniper Mist cloud. With this data, Juniper Mist cloud helps simplify day-to-day operations by easily identifying if an end user connectivity issue is caused by a client configuration mistake, network infrastructure and service problems, or authentication policy configuration issues. The Juniper Mist service level expectations (SLEs) for wired and wireless clients are enhanced to include network access events, such as authentication events, certificate validations, and more.

Access Assurance is tightly integrated with Juniper Mist cloud, providing full-stack management and day-to-day operations for Wi-Fi Assurance, Wired Assurance, SD-WAN Assurance, and Access Assurance in one dashboard for end-to-end visibility. The Marvis^™ AI engine leverages data from multiple sources for anomaly detection to provide actionable metrics. Through the dashboard, users can:

• Create and apply access policies that ensure only authorized devices and users are allowed network access
• Assign users and devices to the correct network segment
• Prevent users and devices from accessing restricted resources
• Add and modify certificates and certificate authorities
• Configure identity providers
• Monitor client activity across the organization

Access Assurance is capable of granular identity fingerprinting based on X.509 certificate attributes. It also uses identity provider (IdP) information like group membership, user account state, MDM compliance state, client lists, and user location for fingerprinting. The resulting user and device fingerprint provides an identity vector for accurate policy assignment within the Zero Trust principles.

Based on user and device identity, Access Assurance can instruct the network to assign a user to a specific network segment (VLAN or a group-based policy tag), as well as enforce network policy by assigning a user role. Such roles can be leveraged in the Juniper Mist WxLAN policy framework or switch policies.

With Access Assurance, organizations gain reliable and low-latency network access control of their networks in single and multisite deployments. Juniper has deployed cloud instances of its network access control cloud service in multiple regional locations. In multisite deployments, authentication traffic coming from the network infrastructure is automatically directed to the nearest Access Assurance instance. Latency is minimized and users enjoy an exceptional wireless experience. This automated process is fully transparent to users and requires no involvement from the IT team. Organizations are assured reliable, redundant network access for client devices, regardless of the state of the nearest regional instance.

The Juniper Mist microservices-based cloud architecture keeps Access Assurance optimized with the most advanced technologies. New features, security patches, and updates are automatically added to Access Assurance on a bi-weekly basis without interruptions or service downtime. This capability dramatically simplifies and improves service operations for network IT administrators, eliminating lengthy software upgrades and service downtime. Juniper can easily deploy new features and functions to its cloud-based services, bringing advancements to market more rapidly and continuously improving your client-to-cloud experience.

Access Assurance is paired with Juniper Mist IoT Assurance to build out controls for onboarding and management of corporate devices with 802.1X authentication and MAC-less onboarding of non-802.1X IoT and BYOD devices. IoT Assurance capabilities simplify IT operations and secure connections for headless IoT and BYOD devices via a Multiple Pre-Shared Key (MPSK) mechanism. It incorporates a full suite of access control functionality leveraging MPSK or Private Pre-Shared Key (PPSK) as a new type of identity and policy vector.

IoT Assurance also provides PSK Portal creation, enabling BYOD onboarding workflows by automating PSK generation based on user identity, leveraging Security Assertion Markup Language (SAML) for an SSO experience. It enables seamless client device onboarding via mobile QR code or by typing a personalized passphrase without installing any client software.

Access Assurance subscriptions include IOT Assurance functionality for simple access control for all clients and devices on your network, no matter how they connect.

Marvis Virtual Network Assistant uses Mist AI to help IT teams interact and engage with their networks. The Marvis AI engine binds together Access Assurance with other Juniper Mist cloud-based services, such as Wired Assurance, Wi-Fi Assurance, and WAN Assurance, helping the operations team move closer to achieving The Self-Driving Network^™ with simplified troubleshooting and performance analysis.

Using features powered by Mist AI, help desk staff and network administrators can simply ask a question in natural language and get actionable insights using the Marvis Conversational Interface that helps them identify and solve network issues. Marvis brings proactive anomaly detection into the SLE dashboard. With Marvis Actions, staff gain proactive, actionable insights to identify network access issues across the full stack, providing recommendations for user connectivity issues. This provides our customers with easy root cause analysis across the full network stack and authentication services.

Access Assurance service is 100% based on public Representational State Transfer (REST) APIs that allow easy integration with external security information and event management (SIEM) or IT service management systems or other platforms for both configuration and policy assignment. These APIs provide the capability to invoke actions based on user or external events, as well as for using the cloud-native Webhook framework. Overall, the Juniper Mist platform is 100% programmable, using open APIs, for full automation and seamless integration with complementary Juniper access, wired, wireless, WAN, security, user engagement, and asset visibility solutions.

The Access Assurance service is provided as a subscription, based on the average concurrently active client devices seen over a 7-day period.

Standard subscriptions include all network access control capabilities from within the Juniper Mist Cloud.

Advanced subscriptions add client posture checking (UEM/EMM/MDM) and firewall Integrations to the standard Access Assurance capabilities.

Juniper Networks believes that connectivity is not the same as experiencing a great connection. Juniper's AI-Native Networking Platform is built from the ground up across the AIOps layer and our systems to fully harness the power of AI. From real-time fault isolation to proactive anomaly detection and self-driving corrective actions, it provides campus, branch, data center, and WAN operations with next-level predictability, reliability, and security. Additional information can be found at Juniper Networks (www.juniper.net) or connect with Juniper on X (Twitter), LinkedIn, and Facebook.

1000769 - 003 - EN MAY 2024