https://community.cisco.com/t5/network-access-control/ise-sponsored-guest-accounts-list-via-a-report/m-p/3917322#M457365 <P>Is it not possible to get a list/report of all sponsor created guest accounts from ISE?</P><P>I don't want passwords just a list that includes usefull info like account expiration date.</P><P>&nbsp;</P><P>I can't imagine that this is not useful for companies auditing purposes.</P><P>&nbsp;</P><P>I note there are some ideas around enabling a REST API etc. but this requires programming knowledge etc. and also ensuring that certain port numbers are accessible on the ISE Admin IP Address and is certainly not for the faint hearted.</P><P>&nbsp;</P><P>Surely not beyound the capabilities of the ISE team to provide such a simple report.</P> Sun, 01 Sep 2019 12:48:05 GMT Scott Gillies 2019-09-01T12:48:05Z https://community.cisco.com/t5/network-access-control/ise-sponsored-guest-accounts-list-via-a-report/m-p/3917322#M457365 <P>Is it not possible to get a list/report of all sponsor created guest accounts from ISE?</P><P>I don't want passwords just a list that includes usefull info like account expiration date.</P><P>&nbsp;</P><P>I can't imagine that this is not useful for companies auditing purposes.</P><P>&nbsp;</P><P>I note there are some ideas around enabling a REST API etc. but this requires programming knowledge etc. and also ensuring that certain port numbers are accessible on the ISE Admin IP Address and is certainly not for the faint hearted.</P><P>&nbsp;</P><P>Surely not beyound the capabilities of the ISE team to provide such a simple report.</P> Sun, 01 Sep 2019 12:48:05 GMT https://community.cisco.com/t5/network-access-control/ise-sponsored-guest-accounts-list-via-a-report/m-p/3917322#M457365 Scott Gillies 2019-09-01T12:48:05Z https://community.cisco.com/t5/network-access-control/ise-sponsored-guest-accounts-list-via-a-report/m-p/3917362#M457367 <P>Hi Scott,</P> <P>&nbsp;</P> <P>We have an enhancement filed for this request:<BR /><STRONG>ENH: Export Guest Accounts Configured in ISE</STRONG><BR /><STRONG>CSCty82007</STRONG></P> <P><A href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCty82007/?reffering_site=dumpcr" target="_self">https://bst.cloudapps.cisco.com/bugsearch/bug/CSCty82007/?reffering_site=dumpcr</A></P> <P>&nbsp;</P> <P>REST API is a request and response method that doesn't necessarily require advanced programming skills.</P> <P>Here is a post that might be helpful:</P> <P><A href="https://community.cisco.com/t5/policy-and-access/cisco-ise-2-3-export-guest-account/td-p/3363740" target="_self">https://community.cisco.com/t5/policy-and-access/cisco-ise-2-3-export-guest-account/td-p/3363740</A></P> <P><BR />Regards,</P> <P>Dinesh Moudgil</P> <P>&nbsp;</P> <P>P.S. Please rate helpful posts.</P> Sun, 01 Sep 2019 16:07:17 GMT https://community.cisco.com/t5/network-access-control/ise-sponsored-guest-accounts-list-via-a-report/m-p/3917362#M457367 Dinesh Moudgil 2019-09-01T16:07:17Z https://community.cisco.com/t5/network-access-control/ise-sponsored-guest-accounts-list-via-a-report/m-p/3918428#M457369 Right and I have asked for the ISE Export guest list functionality. Please reach out to <A href="http://cs.co/ise-feedback" target="_blank">http://cs.co/ise-feedback</A> and provide the request Tue, 03 Sep 2019 19:34:45 GMT https://community.cisco.com/t5/network-access-control/ise-sponsored-guest-accounts-list-via-a-report/m-p/3918428#M457369 Jason Kunst 2019-09-03T19:34:45Z https://community.cisco.com/t5/network-access-control/ise-sponsored-guest-accounts-list-via-a-report/m-p/3918714#M457370 <P>Hi</P><P>&nbsp;</P><P>Thanks. After adding some corrections etc. I now have a Python script that obtains all the Guest data into a CSV file.</P><P>&nbsp;</P><P>The only issue is that you have to ensure you can access port 9060 via https so if you have firewalls etc. then ensure they allow the traffic.</P><P>&nbsp;</P><P>Thanks every one.</P> Wed, 04 Sep 2019 08:27:57 GMT https://community.cisco.com/t5/network-access-control/ise-sponsored-guest-accounts-list-via-a-report/m-p/3918714#M457370 Scott Gillies 2019-09-04T08:27:57Z https://community.cisco.com/t5/network-access-control/ise-sponsored-guest-accounts-list-via-a-report/m-p/3918857#M457373 If you can share the script that will help us out<BR /> Wed, 04 Sep 2019 12:05:59 GMT https://community.cisco.com/t5/network-access-control/ise-sponsored-guest-accounts-list-via-a-report/m-p/3918857#M457373 Jason Kunst 2019-09-04T12:05:59Z https://community.cisco.com/t5/network-access-control/ise-sponsored-guest-accounts-list-via-a-report/m-p/3919673#M457375 <P>This is useful link.</P><P><A href="https://developer.cisco.com/docs/identity-services-engine/#!setting-up/cisco-ise" target="_self">https://developer.cisco.com/docs/identity-services-engine/#!setting-up/cisco-ise</A></P><P>&nbsp;</P><P>Try this</P><P>&nbsp;</P><P>import http.client<BR />import base64<BR />import ssl<BR />import sys<BR />import json<BR />import sys<BR />import getpass</P><P>&nbsp;</P><P><BR /># host and authentication credentials<BR />host = "&lt;IP Address&gt;"<BR />user = "&lt;Admin username - remember to add the 'ERS Admin' group to the Admin User account and enable the 'Access Cisco ISE guest accounts using the programmatic interface (Guest REST API)' on the appropriate Sponsor Group.&gt;"<BR />password = "&lt;Password&gt;"</P><P># OR Challenge the user for the appropriate<BR />#host = input("Host IP:")<BR />#user = input("Username:")<BR />#password = getpass.getpass()</P><P>conn = http.client.HTTPSConnection("{}:9060".format(host), context=ssl.SSLContext(ssl.PROTOCOL_TLSv1_2))</P><P>creds = str.encode(':'.join((user, password)))<BR />encodedAuth = bytes.decode(base64.b64encode(creds))</P><P>headers = {<BR />'accept': "application/json",<BR />'authorization': " ".join(("Basic",encodedAuth)),<BR />'cache-control': "no-cache",<BR />}</P><P>conn.request("GET", "/ers/config/guestuser/", headers=headers)</P><P>#conn.request("GET", "/ers/config/adminuser/", headers=headers)</P><P>res = conn.getresponse()<BR />print(res.status, res.reason)<BR />data = res.read()</P><P>if res.status ==401:<BR />print("Connection unauthorised - Exit")<BR />sys.exit()<BR />elif res.status == 200:<BR />Rawjsondata = json.loads(data.decode("utf-8"))<BR />blob = Rawjsondata["SearchResult"]["resources"]<BR />print("Guest Entry Count = " +str(len(blob)))<BR />for item in blob:<BR />print(item["name"],",",end='')# print the guest username<BR />conn.request("GET", item["link"]["href"], headers=headers) #Fetch the guest details data<BR />res = conn.getresponse()<BR />data = res.read()<BR />Rawjsondata = json.loads(data.decode("utf-8"))<BR />subblob = Rawjsondata["GuestUser"] # This is the Guest detail containing stuff we want<BR />print(subblob["guestType"],",",end='') # Guest Type<BR />print(subblob["status"],",",end='') # Guest account status<BR />print(subblob["guestInfo"]["lastName"],",",end='') # Last name<BR />print(subblob["guestInfo"]["firstName"],",",end='') # First name<BR />print(subblob["guestInfo"]["emailAddress"],",",end='') # Login username - this is the final item<BR />print(subblob["guestAccessInfo"]["validDays"],",",end='') # Valid Days<BR />print(subblob["guestAccessInfo"]["fromDate"],",",end='') # From<BR />print(subblob["guestAccessInfo"]["toDate"],",",end='') # To</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 05 Sep 2019 14:51:58 GMT https://community.cisco.com/t5/network-access-control/ise-sponsored-guest-accounts-list-via-a-report/m-p/3919673#M457375 Scott Gillies 2019-09-05T14:51:58Z