cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

394
Views
0
Helpful
3
Replies
Cisco Employee

ISE 2.2 guest features...."Supported with internal & AD/LDAP email address"

In the slide below, what does “Supported with internal & AD/LDAP email addresses? Does this mean the email of the Person being visited will be verified against AD/LDAP? So Guest cannot simply enter JohnDoe@XYZ.com if they implement the Self-Registration workflow?



ISE2.2 guest.png

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ISE 2.2 guest features...."Supported with internal & AD/LDAP email address"

This means when you enable single click sponsor approval it will validate that the person being visited email address belongs to a valid sponsor

This flow will only work for those sponsors in active directory LDAP or internal use your account it will not work for the SAML

View solution in original post

3 REPLIES 3
Cisco Employee

Re: ISE 2.2 guest features...."Supported with internal & AD/LDAP email address"

This means when you enable single click sponsor approval it will validate that the person being visited email address belongs to a valid sponsor

This flow will only work for those sponsors in active directory LDAP or internal use your account it will not work for the SAML

View solution in original post

Highlighted
Cisco Employee

Re: ISE 2.2 guest features...."Supported with internal & AD/LDAP email address"

Thanks Jason,

Is there email validation if it is a self-registration flow?

Guest user completes the form but fills in an invalid email of the Person being visited. This flow doesn't require approval, but there is still a required email field of the Person being visited. Is this email validated against AD/LDAP?

The customer is considering enabling the self-registration flow with no approval required, but doesn't want any person to be sitting in parking lot within RF range of the Guest SSID and able to complete the self-registration process with a bogus email address.

Cisco Employee

Re: ISE 2.2 guest features...."Supported with internal & AD/LDAP email address"

NO there is no lookup of the person being visited  less using single click

frankly I don't see the value as someone could easily find a company email address unless it was limited to a select few accounts even then it's better to use approval for that

instead why not use the self registration page access code to protect the portal?

if customer insist on having directory lookup with approval then please work offline with me by sending customer name as we have it on a list of features