03-26-2024 03:02 PM - edited 03-27-2024 03:48 AM
We have two different and isolated ISE ecosystems (2.7 and 3.2).
I must migrate guest accounts from one system to the other one.
On 2.7 we have two sponsor portals, and so it is on 3.2.
I managed to retrieve captive portal users through a python script of mine.
Though I see that this page reports that the portal ID (I guess the sponsor portal) is present in the REST-API reply, I don't see it.
https://developer.cisco.com/docs/identity-services-engine/v1/#!guestuser
I have also noticed that with my AD user I can retrieve the user lists through ERS, but to get the sponsor portal IDs, I must use a super admin internal account.
I suspect that, since the user used to retrieve the users list might be restricted to just one sponsor portal, ERS correctly thinks that I don't need the portal ID.
Here I read:
"You can use the default ISE admin account for ERS APIs since it has SuperAdmin privileges. However, it is recommended to create separate users with the ERS Admin (Read/Write) or ERS Operator (Read-Only) privileges to use the ERS APIs so you can separately track and audit their activities."
https://community.cisco.com/t5/security-knowledge-base/ise-ers-api-examples/ta-p/3622623#toc-hId-746822939
but honestly it doesn't seem to work that way.
So, from my inductive reasoning, a super admin is not automatically granted the rights to manage the guest users of a sponsor portal, but it might be specifically assigned; I haven't found a way through.
I'm facing many variable things here, and since I'm quite new to ISE from this perspective, I may need the help of somebody who's more expert on this topic, to eliminate non-significant information.
Any help/idea/advice will be very much appreciated.
Gio
03-27-2024 09:12 AM
On-going troubleshooting with TAC...
04-16-2024 12:51 PM
Hi, this is interesting. How is your troubleshooting with TAC going?
04-18-2024 09:22 AM
API queries were run against 4 different versions of ISE (2.7, 3.1, and 3.2 different patches).
ISE clearly replies with no portalID in all the cases.
The documentation says something different.
I'm still waiting for feedback.
04-23-2024 08:26 AM
Eventually they pointed me to a bug that states that the documentation is wrong.