https://community.cisco.com/t5/network-access-control/ise-2-2-guest-features-quot-supported-with-internal-ad-ldap/m-p/3601340#M530203 <HTML><HEAD></HEAD><BODY><P>Thanks Jason,</P><P></P><P>Is there email validation if it is a self-registration flow?</P><P></P><P>Guest user completes the form but fills in an invalid email of the Person being visited. This flow doesn't require approval, but there is still a required email field of the Person being visited. Is this email validated against AD/LDAP?</P><P></P><P>The customer is considering enabling the self-registration flow with no approval required, but doesn't want any person to be sitting in parking lot within RF range of the Guest SSID and able to complete the self-registration process with a bogus email address. </P></BODY></HTML> Thu, 13 Apr 2017 02:01:48 GMT bechong 2017-04-13T02:01:48Z https://community.cisco.com/t5/network-access-control/ise-2-2-guest-features-quot-supported-with-internal-ad-ldap/m-p/3601338#M530194 <HTML><HEAD></HEAD><BODY><P><SPAN style="font-size: 11pt;">In the slide below, what does “Supported with internal &amp; AD/LDAP email addresses? Does this mean the email of the Person being visited will be verified against AD/LDAP? So Guest cannot simply enter <A href="mailto:JohnDoe@XYZ.com" style="color: #954f72; text-decoration: underline;">JohnDoe@XYZ.com</A> if they implement the Self-Registration workflow?</SPAN></P><P><SPAN style="font-size: 11pt;"><BR /></SPAN></P><P><SPAN style="font-size: 11pt;"><BR /></SPAN></P><P><SPAN style="font-size: 11pt;"><IMG alt="ISE2.2 guest.png" class="image-1 jive-image" src="/legacyfs/online/fusion/106238_ISE2.2 guest.png" style="height: 336px; width: 620px;" /><BR /></SPAN></P></BODY></HTML> Wed, 12 Apr 2017 19:31:55 GMT https://community.cisco.com/t5/network-access-control/ise-2-2-guest-features-quot-supported-with-internal-ad-ldap/m-p/3601338#M530194 bechong 2017-04-12T19:31:55Z https://community.cisco.com/t5/network-access-control/ise-2-2-guest-features-quot-supported-with-internal-ad-ldap/m-p/3601339#M530199 <HTML><HEAD></HEAD><BODY><P>This means when you enable single click sponsor approval it will validate that the person being visited email address belongs to a valid sponsor</P><P></P><P>This flow will only work for those sponsors in active directory LDAP or internal use your account it will not work for the SAML</P></BODY></HTML> Wed, 12 Apr 2017 20:12:20 GMT https://community.cisco.com/t5/network-access-control/ise-2-2-guest-features-quot-supported-with-internal-ad-ldap/m-p/3601339#M530199 Jason Kunst 2017-04-12T20:12:20Z https://community.cisco.com/t5/network-access-control/ise-2-2-guest-features-quot-supported-with-internal-ad-ldap/m-p/3601340#M530203 <HTML><HEAD></HEAD><BODY><P>Thanks Jason,</P><P></P><P>Is there email validation if it is a self-registration flow?</P><P></P><P>Guest user completes the form but fills in an invalid email of the Person being visited. This flow doesn't require approval, but there is still a required email field of the Person being visited. Is this email validated against AD/LDAP?</P><P></P><P>The customer is considering enabling the self-registration flow with no approval required, but doesn't want any person to be sitting in parking lot within RF range of the Guest SSID and able to complete the self-registration process with a bogus email address. </P></BODY></HTML> Thu, 13 Apr 2017 02:01:48 GMT https://community.cisco.com/t5/network-access-control/ise-2-2-guest-features-quot-supported-with-internal-ad-ldap/m-p/3601340#M530203 bechong 2017-04-13T02:01:48Z https://community.cisco.com/t5/network-access-control/ise-2-2-guest-features-quot-supported-with-internal-ad-ldap/m-p/3601341#M530206 <HTML><HEAD></HEAD><BODY><P>NO there is no lookup of the person being visited&nbsp; less using single click</P><P></P><P>frankly I don't see the value as someone could easily find a company email address unless it was limited to a select few accounts even then it's better to use approval for that</P><P></P><P>instead why not use the self registration page access code to protect the portal?</P><P></P><P>if customer insist on having directory lookup with approval then please work offline with me by sending customer name as we have it on a list of features </P></BODY></HTML> Thu, 13 Apr 2017 11:24:34 GMT https://community.cisco.com/t5/network-access-control/ise-2-2-guest-features-quot-supported-with-internal-ad-ldap/m-p/3601341#M530206 Jason Kunst 2017-04-13T11:24:34Z