Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
874
Views
0
Helpful
2
Replies

Endpoint group updates - recurring issue and possible feature request?

Gustavo Novais
Level 1
Level 1

‎06-04-2018 09:50 PM

Hello,

Hello,

Please apologize the rant in advance. I'll try to be as constructive as possible.

Once again I'm faced with a customer intending to do multiple manipulations off the guest portal regarding endpoint caching (remember me functionality), as well as endpoint mac differentiation for employees authenticating off guest portals.

I've seen in the communities really valuable contributions from Jason Kunst and other community members where the generalized accepted solution is use the CoA mechanisms to redirect users after authentication yet again to a hotspot portal just for endpoint registration into a correct group, just because there's no way to tie external db lookups into guest portals.

This method is in my view an ugly workaround. It is not scalable (many guest types/endpoint groups/external DB groups imply a portal per type; any change needs to be reflected in all portals)

Would there be the possibility of adding directly off of the authorization policy a "Post-Authorization Action" result where an Endpoint would simply be updated with the correct static endpoint group based on External User group mapping and then CoA'd? The possibility of manipulation of the internal endpoint DB on the fly would be a really nice addition as it would overcome a major limitation of not being able to distinguish "remember me" configurations.

Maybe that's already on the roadmap?

Thanks

Gustavo

0 Helpful
2 Replies 2

Jason Kunst
Cisco Employee
Cisco Employee

‎06-05-2018 04:15 AM

We can’t discuss roadmap here and feature requests are sent through sales channel to our product managers

0 Helpful

Gustavo Novais
Level 1
Level 1
In response to Jason Kunst

‎06-05-2018 04:29 AM

Hi Jason,

I understand the proper channel argument. Yet often, when going through the channel,  we are faced with a "Please explain your business case and which and how many customers are interested" type of answer.

If enough people in the community would be interested by such type of feature, it would make for a good business case on its own.

Does the feature request make sense, at least?

Thanks

Gustavo Novais

0 Helpful
Customers Also Viewed These Support Documents