11-12-2014 10:15 AM - edited 03-10-2019 10:10 PM
HI there.
I already have guest solution on my ISE installation. With Sponsor and guest portal enabled. All guest users are created by sponsores with expiration time of 1 day. This one works fine. (All guest users are on Wireless)
I want to create one "special" guest account that dosent have any expiration time. But I am not sure how to separate that user from the other guest users, how can I build guest authz. policy that can differentiate between guest users?
Thanks,
11-12-2014 12:34 PM
you could create an ISE local user with a GUEST membership and provided you have your ISE password policy set so that it doesn't expire accounts, etc it would be a "permanent" guest account. we do something similiar. sponsors make temporary accounts while long-term or test guest accounts are created in the ise local identity store as guests and are processed the same way. you just have to ensure that the internal user store is part of your guest identity source sequence.
11-14-2014 03:43 AM
Hi Ben,
thanks.
I did try to create new guest user via the admin page and make it member of the "Guest" group. But if the guest login in he will see self provisiong page where the register button is grey out.
All other temporary guest users can still login directly without self provisioning. What part in configuration should I correct before this will work with the permant guest user will work ?
11-19-2014 03:34 AM
check ActivatedGuest
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_guest_pol.html#pgfId-1598941
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide