cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1843
Views
5
Helpful
4
Replies

Allow GUEST users to not to login

varma10
Beginner
Beginner

I have self-registration and sponsored guest portals defined on our guest networks. I would like to allow self-registered guest users to not to enter credentials on the guest login portal for specific period of time. 

 

Is there a logic in ISE policy that I can use to permit access to the users for certain number of days based on their last successful login on the portal? 

4 Replies 4

Hi,

Try to use double portals (e.g. hotspot and self-registration) with two
endpoint identity groups along with purge policies. For example, you keep
users in group A which will be matched and allowed access. Then after x
days purge group A which makes the users hit hotspot portal and set in
group B. Group B will be blocked from access. After Y days purge group B
which makes the users enroll again in group A and so on.

Not straight forward but give it a try. This might give you some thought.

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/216330-ise-self-registered-guest-portal-configu.html

***** please remember to rate useful posts

Thanks for the Reply. But I don't want users to enroll after those many days. I currently have self registered accounts valid for 1 year in guest identity store.

 

I just don't want them to enter credentials in portal on daily basis for until 30 days. I want them to enter credentials on portal every 30 days.

howon
Cisco Employee
Cisco Employee

You can enable device registration and add these devices in to endpoint group (Under guest portal, Guest Device Registration Settings > Automatically register guest devices). Make ISE authorization policy to permit guest access based on the endpoint group so user is not prompted to login. Then setup endpoint purge policy to purge the endpoints after 30 days. Once purged the user will need to login again and the 30 days timer kicks in again.

Hi Mohammed,

 

Let me ask the question other way. Is there a timestamp attribute on ISE that gets triggered, when user enters credentials on the login portal? I would like to use that timestamped attribute and write policy to white list the users for the next 30 days. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: