09-03-2021 07:33 PM - edited 09-03-2021 07:34 PM
I have self-registration and sponsored guest portals defined on our guest networks. I would like to allow self-registered guest users to not to enter credentials on the guest login portal for specific period of time.
Is there a logic in ISE policy that I can use to permit access to the users for certain number of days based on their last successful login on the portal?
09-04-2021 12:18 AM
09-04-2021 08:15 PM - edited 09-07-2021 07:07 AM
Thanks for the Reply. But I don't want users to enroll after those many days. I currently have self registered accounts valid for 1 year in guest identity store.
I just don't want them to enter credentials in portal on daily basis for until 30 days. I want them to enter credentials on portal every 30 days.
09-07-2021 02:27 PM
You can enable device registration and add these devices in to endpoint group (Under guest portal, Guest Device Registration Settings > Automatically register guest devices). Make ISE authorization policy to permit guest access based on the endpoint group so user is not prompted to login. Then setup endpoint purge policy to purge the endpoints after 30 days. Once purged the user will need to login again and the 30 days timer kicks in again.
09-07-2021 01:19 PM
Hi Mohammed,
Let me ask the question other way. Is there a timestamp attribute on ISE that gets triggered, when user enters credentials on the login portal? I would like to use that timestamped attribute and write policy to white list the users for the next 30 days.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide