I have self-registration and sponsored guest portals defined on our guest networks. I would like to allow self-registered guest users to not enter credentials on the guest login portal for a specific period of time.
Is there logic in ISE policy that I can use to permit access to the users for a certain number of days based on their last successful login on the portal?
Try to use double portals (e.g. hotspot and self-registration) with two endpoint identity groups along with purge policies. For example, you keep users in group A, which will be matched and allowed access. Then after x days, purge group A, which makes the users hit the hotspot portal and be set in group B. Group B will be blocked from access. After Y days, purge group B, which makes the users enroll again in group A, and so on.
Not straightforward, but give it a try. This might give you some thoughts.
You can enable device registration and add these devices to an endpoint group (under guest portal, Guest Device Registration Settings > Automatically register guest devices). Make an ISE authorization policy to permit guest access based on the endpoint group so the user is not prompted to log in. Then set up an endpoint purge policy to purge the endpoints after 30 days. Once purged, the user will need to log in again and the 30-day timer kicks in again.
Let me ask the question another way. Is there a timestamp attribute on ISE that gets triggered when a user enters credentials on the login portal? I would like to use that timestamp attribute and write a policy to whitelist the users for the next 30 days.