Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3034
Views
0
Helpful
9
Replies

Preventing sponsor from creating guest account using certain email domains

Go to solution
scott.stapleton
Level 1
Level 1

‎08-05-2019 06:58 AM - edited ‎08-05-2019 06:59 AM

I want to prevent sponsors from entering an email addresses for the sponsored account that contains a few domains (e.g. - @example.com).

 

I didn't have luck using the first script detailed here:

https://community.cisco.com/t5/security-documents/ise-sponsor-portal-create-known-accounts-page-customization/ta-p/3636414#toc-hId--1080596999

 

I had more luck using the second lot of 3 x scripts. However they are written for the person being visited; not the email of the sponsored guest. I've modified the script so that it works on the email address field.

 

One problem remains; it does the opposite of what it is supposed to do. It is supposed to prevent users entering corporate domain email adddresses (i.e. - black-listing certain domains) but instead it only allows the domains listed in the script (white-listing).

 

How can the script be changed so that the domains listed in the script are prevented?

 

See below:

 

email address script issues - 1.png

email address script issues - 2.png

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
sivsivar
Cisco Employee
Cisco Employee

‎08-10-2019 08:38 AM - edited ‎08-10-2019 08:44 AM

Hi Scott,

Please check the script in the below community page under heading "Restrict the email address entered when creating a known account".

https://community.cisco.com/t5/security-documents/ise-sponsor-portal-create-known-accounts-page-customization/ta-p/3636414

View solution in original post

0 Helpful

Go to solution
sivsivar
Cisco Employee
Cisco Employee
In response to scott.stapleton

‎08-13-2019 01:07 AM

Hi Scott,

 

can you please try the below script.

<script> 
    $(document).on("pageshow", function(){ 
        setTimeout(function() {
            $('.emailAddress').val("");
            var domains = ["domain1.com","domain2.net","domain3.com"];
 
            function validateDomain(me){
                var idx1 = me.target.value.indexOf("@");
                if(idx1>-1){
                    var splitStr = me.target.value.split("@");
                    if(domains.indexOf(splitStr[1])>-1){
                        me.target.value="";
                        alert("Enter a valid email address.");
                        return false;
                    }
                }
            }
 
            $(function () {
                $('.emailAddress').blur(function (ele) {
                    validateDomain(ele);
                });
            });
        }, 5000);
    }); 
</script>

View solution in original post

0 Helpful
9 Replies 9

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎08-05-2019 09:17 AM

Researching for updated script
0 Helpful

Go to solution
scott.stapleton
Level 1
Level 1
In response to Jason Kunst

‎08-06-2019 01:30 AM

Cheers Jason.

0 Helpful

Go to solution
scott.stapleton
Level 1
Level 1
In response to Jason Kunst

‎08-08-2019 06:00 AM

@Jason Kunst Did you have any luck chasing down a script?

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to scott.stapleton

‎08-08-2019 06:24 AM

Still working on it. I was on vacation. Should hopefully have this week
0 Helpful

Go to solution
scott.stapleton
Level 1
Level 1
In response to Jason Kunst

‎08-08-2019 07:41 AM

Great - thanks.

0 Helpful

Go to solution
sivsivar
Cisco Employee
Cisco Employee

‎08-10-2019 08:38 AM - edited ‎08-10-2019 08:44 AM

Hi Scott,

Please check the script in the below community page under heading "Restrict the email address entered when creating a known account".

https://community.cisco.com/t5/security-documents/ise-sponsor-portal-create-known-accounts-page-customization/ta-p/3636414

0 Helpful

Go to solution
scott.stapleton
Level 1
Level 1
In response to sivsivar

‎08-12-2019 04:17 AM - edited ‎08-12-2019 04:18 AM

Thanks - this works although I did need to change the .personBeingVisited to .emailAddress.

One issue however; the script works based on domain; not FQDN. Therefore it blocks domain1.com and domain1.net. I only want it to block domain1.com. I'm unable to specify the FQDN; if I do the script doesn't work. Can it be modified so that the FQDN and not just the domain can be entered?

0 Helpful

Go to solution
sivsivar
Cisco Employee
Cisco Employee
In response to scott.stapleton

‎08-13-2019 01:07 AM

Hi Scott,

 

can you please try the below script.

<script> 
    $(document).on("pageshow", function(){ 
        setTimeout(function() {
            $('.emailAddress').val("");
            var domains = ["domain1.com","domain2.net","domain3.com"];
 
            function validateDomain(me){
                var idx1 = me.target.value.indexOf("@");
                if(idx1>-1){
                    var splitStr = me.target.value.split("@");
                    if(domains.indexOf(splitStr[1])>-1){
                        me.target.value="";
                        alert("Enter a valid email address.");
                        return false;
                    }
                }
            }
 
            $(function () {
                $('.emailAddress').blur(function (ele) {
                    validateDomain(ele);
                });
            });
        }, 5000);
    }); 
</script>
0 Helpful

Go to solution
scott.stapleton
Level 1
Level 1
In response to sivsivar

‎08-14-2019 12:26 AM

This worked well; thanks very much.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents