Can you maybe post the different settings (AD profile, identity source profile, sponsor authorization)?

Thanks and regards

Sent from Cisco Technical Support iPhone App

attached

I think the problem is, that you specify the ISE Identity Groups (SponsorAllAccounts, SponsorGroupAccounts and SponsorOwnAccounts) in the Sponsor Group Policy. Because all the AD users that should have access, are ONLY in the DC1:ExternalGroups, so you should allow ANY as Identity Group and DC1:ExternalGroups ..., see below:

Hope this will help you solve the problem.

Regards

Dominic

Thanks for your help Dominic, unfortunatley I'm still getting the same..

The authentication in ISE is showing "Sponsor authentication has failed : Sponsorgroup not found for user" and the error on the sponsor portal is "Invalid sponsor group. Please try again."

Some more screengrabs

Very strange. Do you have a special character in the Domain Name or the Identity Store Name?

Just a hypen in the Identity Store, the format of the name is ABC-DC1. The domain name is simple; domain.com.

Check the additional attribute section in the report and see if the AD group is being retrieved for this user.

Thanks,

Tarik Admani
*Please rate helpful posts*

Thanks for your help Tarik, but still no luck.

I might try stripping it all back, and re-added.

I'll report back if I have any progress.

I've been able to get it working now, I removed the groups I was originally trying to use - tried a different one that was newly created with the same users added to it - and voila.. it works.

thanks Dominic and Tarik for your help.

Hi Evan

thanks for your feedback.

Regards

Dominic

OK, then I don't have any more ideas, why the problem occurs. At the moment, I have a lot of other problems / bugs / questions open concerning ISE guest / sponsor portal.

I'm having the same issue on 1.1.2.145, when I changed the Identity group to Any it worked.