Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
455
Views
0
Helpful
1
Replies

Cisco ISE 3.2 Patch 4 Single Click Approval Not Working with AD

Go to solution
jack.warmya
Level 1
Level 1

‎12-20-2023 06:51 AM

hello folks,

I am trying to implement the One-Click approval solution with the guide provided by Jason Kunst. However it is not working for me.

https://community.cisco.com/t5/security-knowledge-base/ise-single-click-sponsor-approval-faq/ta-p/3637016/page/2

My AD is registered in ISE, and is a part of the identity source sequence. The users are also part of AD.
• Sponsor user AD Domain: D01.company.local
• Sponsor email address: firstname.lastname@company.com
• Sponsor user in AD has the email attribute that matches with the email “person being visited”

First issue:

When the guest user self registers, the sponsor receives the email to Approve or Deny.  The sponsor clicks "Approve", however it still brings the sponsor to the sponsor portal and ask the sponsor to authenticate in order to validate the user request.

Second issue:

Once the sponsor does authenticate, the guest sees the approval go through on their screen.  After accepted the AUP and it redirects them to our company page. 

However, the sponsor receives a web page that says, "Link is invalid. Please sign on to the sponsor portal to approve/deny guests."; even though the guest has already been approved.

Have you experienced the similar issues ?

Thanks,

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎12-26-2023 03:17 PM

@jack.warmya, The links to single click approve self-registered guest users are good for 3 hours only and they are also specific to the host IP address or the FQDN of the specific sponsor portal. Please review the video ISE Single Click Sponsor Approval Feature Overview; especially, ~ 7 minutes onwards in the video.

In case that does not help, please engage Cisco TAC support to take a look at your deployment scenario and troubleshoot further.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
hslai
Cisco Employee
Cisco Employee

‎12-26-2023 03:17 PM

@jack.warmya, The links to single click approve self-registered guest users are good for 3 hours only and they are also specific to the host IP address or the FQDN of the specific sponsor portal. Please review the video ISE Single Click Sponsor Approval Feature Overview; especially, ~ 7 minutes onwards in the video.

In case that does not help, please engage Cisco TAC support to take a look at your deployment scenario and troubleshoot further.

0 Helpful
Customers Also Viewed These Support Documents