topic Re: restrict AD group on guest self-reg portal with remember me option enabled in Network Access Control

restrict AD group on guest self-reg portal with remember me option enabled

Paolo Bratti — Wed, 19 Dec 2018 08:41:30 GMT

Hi,
I want to restrict AD group (VIPUserMAB) on guest self-reg portal with remember me option enabled; how can i do this?

is it possible?

Re: restrict AD group on guest self-reg portal with remember me option enabled

Surendra — Wed, 19 Dec 2018 12:08:16 GMT

Can you please explain the use case in detail ?

Re: restrict AD group on guest self-reg portal with remember me option enabled

Timothy Abbott — Wed, 19 Dec 2018 16:51:01 GMT

The problem you are going to run into is that the authentication is for the endpoint and not the user since user credentials are not apart of the MAB process. The way you currently have policy configured is to allow any MAC address in the VIPUserMAB endpoint identity group will receive the GuestPermit authorization result (if you were to enable it). There is no username component to the authorization rule and because the use case is wireless MAB, you won't receive a username. Just the MAC address.

Regards,

-Tim

Re: restrict AD group on guest self-reg portal with remember me option enabled

Jason Kunst — Wed, 19 Dec 2018 23:19:30 GMT

@Timothy Abbott is correct. there is no way to mix REMEMBER ME based of MAB endpoint group and Active directory group.

There is a way to do it but its a little crude.

Check out special flows

http://cs.co/ise-guest

Re: restrict AD group on guest self-reg portal with remember me option enabled

Paolo Bratti — Thu, 27 Dec 2018 07:59:04 GMT

@Jason Kunst wrote:

@Timothy Abbott is correct. there is no way to mix REMEMBER ME based of MAB endpoint group and Active directory group.

There is a way to do it but its a little crude.

which one?

Re: restrict AD group on guest self-reg portal with remember me option enabled

Jason Kunst — Thu, 27 Dec 2018 21:18:16 GMT

Which one suits you. Did you look over the options?