Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
447
Views
1
Helpful
3
Replies

Disable options to allow some Sponsor users to create Guest accounts

iran
Level 1
Level 1

ā€Ž09-22-2024 02:52 PM

Hi,

I have  a setup with Guest self registering with sponsor approval.
I dont want to allow all sponsor users to be capable to create Guest accounts, only to allow them to approve Guest request via Sponsor approval.

iran_0-1727041720541.png

I already disable these options, however all Sponsor users are able to create Guest accounts:

iran_1-1727041873302.png

Can someone explain how can I achieve it?

Thank you in advance.

 

0 Helpful
3 Replies 3

Arne Bier
VIP
VIP

ā€Ž09-22-2024 04:00 PM

In order to allow sponsors to approve self-registered guest, the sponsor must be a member of a Sponsor Group, and as such, they must be allowed to access the Sponsor Portal.  You can do what's called single-click approval, which will remove the need for sponsors to provide their username/password as part of the approval process (it requires AD Group membership and there are community posts about this).   

Perhaps I missed something, but I don't know how you can stop a sponsor from visiting the Sponsor Portal directly, but still allowing them to approve requests from an email link. Try the single-click approval - that might re-train sponsors from wanting to log into the Portal directly.

 

iran
Level 1
Level 1
In response to Arne Bier

ā€Ž10-06-2024 02:04 PM

@Arne Bier 
Hello, Thank you so much for your reply.

Basically I was expecting when disable this option, Sponsor user of this sponsor user will be be allowed to created new Guest accounts.

iran_0-1728247518303.png

Regarding single-click approval, I was checking it, and I only found it. however even if this option, when I click in "approve" on the link received via email, I am redirect to Guest portal menu. 
iran_1-1728247746695.png

In overall, my goal is that everyone in a specific AD group are able to approve via email. however, I just want some specific users to have the capacity to create Guest users account.
For me is fine that everyone can access Sponsor portal, I just want to block them to create accounts there.

Thank you





0 Helpful

Arne Bier
VIP
VIP
In response to iran

ā€Ž10-06-2024 02:30 PM

The first red block you highlighted refers to bulk guest account creation. You have this unchecked. It means that the Sponsor won't be allowed to create bulk guest accounts, via CSV import or large quantities of randomly generated guest accounts. If you have allowed a user to log into the Sponsor Portal, then you have effectively enabled that user to create a guest account - that's why this portal exists.

One-click approval is slightly sublet and there have been Community posts about this. The trick is that the Sponsor to whom the email is sent, must be a member of the AD Group that is used for the Sponsor Portal - below is the crux of the matter

ArneBier_0-1728250073096.png

I once ran into an issue where the approval email was sent to joe.bloggs@company.com, and they received it - but when they clicked on the link, ISE didn't perform the one-click, because in their AD account (the account that Joe Bloggs used to login to Sponsor Portal) had an AD email address that was not the same as above - sometimes the email attribute of an AD user has been misconfigured, or is empty.

 

0 Helpful
Customers Also Viewed These Support Documents