cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

270
Views
0
Helpful
5
Replies
Cisco Employee

Guest: bypass sponsor approval based on email domain

Hello,

My customer is asking if it is possible with self-registration with sponsor approval workflow to bypass sponsor approval if the guest registers with a specific email domain.

Example:

-          @Domain.com (whitelist) --> bypass sponsor approval

-          any other domain --> require sponsor approval

I remember that sponsor approval is a global workflow option, and I’m not sure it can be turned off based on domain whitelist.

If it is not possible, the other option would be to create a different SSID?

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: Guest: bypass sponsor approval based on email domain

Correct have to do another portal and restrict email domains that can register using this portal

There maybe an advanced option where you have one portal link to another portal but this would have to be worked offline and discussed as required advanced customization

Who are the users under the special domain?

View solution in original post

5 REPLIES 5
Highlighted
Cisco Employee

Re: Guest: bypass sponsor approval based on email domain

Correct have to do another portal and restrict email domains that can register using this portal

There maybe an advanced option where you have one portal link to another portal but this would have to be worked offline and discussed as required advanced customization

Who are the users under the special domain?

View solution in original post

Highlighted
Cisco Employee

Re: Guest: bypass sponsor approval based on email domain

These are corporate users, who can register for guest services (only internet access).

Any other guest would have to go for sponsor approval.

Highlighted
Cisco Employee

Re: Guest: bypass sponsor approval based on email domain

Have they thought about just allowing them to put in their AD credentials to get guest access? This way they don’t have to create guest accounts?

Highlighted
Cisco Employee

Re: Guest: bypass sponsor approval based on email domain

These would be corporate users from different countries/regions, different ADs.

There is just trust relationship between the various ADs, they do not have unified policies or even solutions.

I know ISE supports multi-forest AD, can we leverage this function and allow these users to have only internet access when connected to the main corporate SSID?

Example:

- If local corporate (country A) user connects to corporate SSID (country A) --> unrestricted access

- If remote corporate user (country B) connects to corporate SSID (Country A) --> internet access only

Any other guest would connect to Guest-SSID, and require sponsor approval.

Highlighted
Cisco Employee

Re: Guest: bypass sponsor approval based on email domain

Yes should be possible lets dicuss offline, send me a webex for late today