[EDIT] How to retrieve the portal ID of a guest account?

Gioacchino — Wed, 27 Mar 2024 10:48:06 GMT

We have two ISE ecosystems different and isolated (2.7 and 3.2)
I must migrate guest accounts from one system to the other one.
On 2.7 we have two sponsorportals and so it is on 3.2.
I managed to retrieve captive portal users through a python script of mine.

Though I see that this page reports that the portal ID (I guess the sponsor portal) is present in the REST-API reply, I don't see it.

https://developer.cisco.com/docs/identity-services-engine/v1/#!guestuser

I have also noticed that we my AD user I can retrieve the user lists through ERS, but to get the sponsor portals IDs, I must use a super admin internal account.
I suspect that, since the user used to retrieve the users list might be restricted to just one sponsor portal , ERS correctly think that I don't need the portal ID.
Here I read:

"You can use the default ISE admin account for ERS APIs since it has SuperAdmin privileges. However, it is recommended to create separate users with the ERS Admin (Read/Write) or ERS Operator (Read-Onlly) privileges to use the ERS APIs so you can separately track and audit their activities."

https://community.cisco.com/t5/security-knowledge-base/ise-ers-api-examples/ta-p/3622623#toc-hId-746822939

but honestly it doesn't seem to work that way.

So, from my induction reasoning, a super admin is not automatically granted the rights to manage the guest users of a sponsor portal, but it might be specifically assigned; I haven't found a way trhough.

I'm facing many variable things here, and since I'm quite new to ISE from this perspective, I may need the help of sombody who's more expert on this topic, to eliminate non-significant information.

Any help/idea/advise will be very much appreciated.

Gio

Re: [EDIT] How to retrieve the portal ID of a guest account?

Gioacchino — Wed, 27 Mar 2024 16:12:30 GMT

On-going troubleshooting with TAC...

Re: [EDIT] How to retrieve the portal ID of a guest account?

SingularTruth — Tue, 16 Apr 2024 19:51:23 GMT

Hi, this is interesting. How it your troubleshooting with TAC going?

Re: [EDIT] How to retrieve the portal ID of a guest account?

Gioacchino — Thu, 18 Apr 2024 16:22:57 GMT

API queries were run against 4 different versions of ISE (2.7, 3.1, and 3.2 different patches).
ISE clearly replies with no portalID in all the cases.
The documentation says something different.
I'm still waiting for feedback.

Re: [EDIT] How to retrieve the portal ID of a guest account?

Gioacchino — Tue, 23 Apr 2024 15:26:31 GMT

Eventually they pointed me to a bug, that states that the documentation is wrong.

topic [EDIT] How to retrieve the portal ID of a guest account? in Network Access Control

[EDIT] How to retrieve the portal ID of a guest account?

Re: [EDIT] How to retrieve the portal ID of a guest account?

Re: [EDIT] How to retrieve the portal ID of a guest account?

Re: [EDIT] How to retrieve the portal ID of a guest account?

Re: [EDIT] How to retrieve the portal ID of a guest account?