Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2025
Views
5
Helpful
4
Replies

Allow GUEST users to not to login

varma10
Level 1
Level 1

‎09-03-2021 07:33 PM - edited ‎09-03-2021 07:34 PM

I have self-registration and sponsored guest portals defined on our guest networks. I would like to allow self-registered guest users to not to enter credentials on the guest login portal for specific period of time. 

 

Is there a logic in ISE policy that I can use to permit access to the users for certain number of days based on their last successful login on the portal? 

1 person had this problem
0 Helpful
4 Replies 4

Mohammed al Baqari
Level 11
Level 11

‎09-04-2021 12:18 AM

Hi,

Try to use double portals (e.g. hotspot and self-registration) with two
endpoint identity groups along with purge policies. For example, you keep
users in group A which will be matched and allowed access. Then after x
days purge group A which makes the users hit hotspot portal and set in
group B. Group B will be blocked from access. After Y days purge group B
which makes the users enroll again in group A and so on.

Not straight forward but give it a try. This might give you some thought.

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/216330-ise-self-registered-guest-portal-configu.html

***** please remember to rate useful posts
0 Helpful

varma10
Level 1
Level 1
In response to Mohammed al Baqari

‎09-04-2021 08:15 PM - edited ‎09-07-2021 07:07 AM

Thanks for the Reply. But I don't want users to enroll after those many days. I currently have self registered accounts valid for 1 year in guest identity store.

 

I just don't want them to enter credentials in portal on daily basis for until 30 days. I want them to enter credentials on portal every 30 days.

howon
Cisco Employee
Cisco Employee
In response to varma10

‎09-07-2021 02:27 PM

You can enable device registration and add these devices in to endpoint group (Under guest portal, Guest Device Registration Settings > Automatically register guest devices). Make ISE authorization policy to permit guest access based on the endpoint group so user is not prompted to login. Then setup endpoint purge policy to purge the endpoints after 30 days. Once purged the user will need to login again and the 30 days timer kicks in again.

0 Helpful

varma10
Level 1
Level 1
In response to Mohammed al Baqari

‎09-07-2021 01:19 PM

Hi Mohammed,

 

Let me ask the question other way. Is there a timestamp attribute on ISE that gets triggered, when user enters credentials on the login portal? I would like to use that timestamped attribute and write policy to white list the users for the next 30 days. 

0 Helpful
Customers Also Viewed These Support Documents