Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5766
Views
0
Helpful
4
Replies

Cisco guest access session timeout

Go to solution
jthombs1016
Level 1
Level 1

‎03-19-2019 05:53 AM

Hello all

Is it possible adjust session timeout for Guest user  authentication  so the guest only have to authentication  every 24 Hours ?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paul
Level 10
Level 10

‎03-19-2019 07:23 AM

The session timeout won't help you.  You should be using the identity group purge process to dictate how often the guests have to authenticate to the portal.  Your guest endpoints are mapped to an identity group which is allowed to have Internet access.  How often you purge that identity group is how often the guest will have to see the portal.

 

You can also do rules based on last AUP acceptance times as well, but the endpoint purge process is the cleanest way to do the guest setup in my opinion.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
paul
Level 10
Level 10

‎03-19-2019 07:23 AM

The session timeout won't help you.  You should be using the identity group purge process to dictate how often the guests have to authenticate to the portal.  Your guest endpoints are mapped to an identity group which is allowed to have Internet access.  How often you purge that identity group is how often the guest will have to see the portal.

 

You can also do rules based on last AUP acceptance times as well, but the endpoint purge process is the cleanest way to do the guest setup in my opinion.

0 Helpful

Go to solution
Arne Bier
VIP
VIP
In response to paul

‎03-20-2019 05:35 AM

What Paul says is true but only if you are using the Endpoint Identity Group as an Authorization rule (the so-called "Remember Me" feature).  You can avoid the Endpoint Identity Group entirely and rely rather on the status of the Guest Flow attribute.  This is set to true after a successful Web Auth and remains so as long as the session is alive.  Namely, if you set the Session-Timeout to 24 hours, then the user will not see the portal again.  After 24 hours the Accounting stop from the NAS will terminate the session, and hence set Guest Flow to False.  The authorization policy will redirect the user to the portal.

0 Helpful

Go to solution
BrianPersaud
Spotlight
Spotlight
In response to Arne Bier

‎06-17-2019 12:01 PM

@Arne Bier wrote:

What Paul says is true but only if you are using the Endpoint Identity Group as an Authorization rule (the so-called "Remember Me" feature).  You can avoid the Endpoint Identity Group entirely and rely rather on the status of the Guest Flow attribute.  This is set to true after a successful Web Auth and remains so as long as the session is alive.  Namely, if you set the Session-Timeout to 24 hours, then the user will not see the portal again.  After 24 hours the Accounting stop from the NAS will terminate the session, and hence set Guest Flow to False.  The authorization policy will redirect the user to the portal.

Where do I set the session-timeout to 24 hours?

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to BrianPersaud

‎06-17-2019 02:06 PM

Please look at the prescriptive guest guide it goes over these options

Guest remember me feature talks about the sleeping client

http://cs.co/ise-guest


https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/wlan_timeouts.html



0 Helpful
Customers Also Viewed These Support Documents