Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
951
Views
1
Helpful
1
Replies

device registration portal for internal endpoints that captures name phone etc

Go to solution
jpilchar
Cisco Employee
Cisco Employee

‎09-19-2017 02:46 PM

I am looking to capture BYOD end-user login information with ISE.

This project wants to track BYOD devices by user names that are not in Active Directory or local users on the ISE server.

They are looking to have a splash screen that will require the guest to enter valid:  Name, Email, Phone and have it mapped to the device and user information visible in live log.

I have questions on how they would validate information provided and I have not seen a AUP that will provide that service.

Can you assist with locating information or a resource I can talk this through with.

Thank you,

1 Accepted Solution

Accepted Solutions

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎09-19-2017 04:20 PM

The only way to capture information with ise is through self registration guest flow

You can have a special SSID for them to connect and register their device as part of this flow, you would have to keep a guest account long enough for the employee and to purge these guests devices after X amount of time , you would authorize the device after registration in this guest endpoint flow

the problem here is you problem don't want it to work this way

Our my devices flow for byod (supplicant and certificate provisioning) doesn't capture this either

You would need to do the following

Create your own portal that captures needed info

This portal would capture the info and add it to ISE via API, the device Mac would be added to a group that is authorized access

This portal could be used before connecting the device to the network

If you want as part of the flow

Device connects and not part of endpoint group

Redirect to portal and register

Portal will register device and call a COA to change device access

Device would reconnect with proper access

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎09-19-2017 04:20 PM

The only way to capture information with ise is through self registration guest flow

You can have a special SSID for them to connect and register their device as part of this flow, you would have to keep a guest account long enough for the employee and to purge these guests devices after X amount of time , you would authorize the device after registration in this guest endpoint flow

the problem here is you problem don't want it to work this way

Our my devices flow for byod (supplicant and certificate provisioning) doesn't capture this either

You would need to do the following

Create your own portal that captures needed info

This portal would capture the info and add it to ISE via API, the device Mac would be added to a group that is authorized access

This portal could be used before connecting the device to the network

If you want as part of the flow

Device connects and not part of endpoint group

Redirect to portal and register

Portal will register device and call a COA to change device access

Device would reconnect with proper access

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents