Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2620
Views
0
Helpful
3
Replies

Guest Self-Registration with access to e-mail to get credentials before complete sign-on

Go to solution
Muhammad Hamid Ashraf
Level 1
Level 1

‎05-26-2019 03:07 AM - last edited on ‎06-12-2019 08:41 AM by Cisco Employee

Hi All,

 

We have ISE 2.3.0.298 and we are in phase of implementing Self registration Portal for guests with below mentioned flow:

 

1. Guest connects to guest SSID and redirected to Guest Self Registration Portal.

2. Guest put in First Name, Last Name, Email and Phone number as mandatory fields

3. Guest has been provided with limited access to internet with a notification " We have sent your credentials to provided email address. Please login with the credentials else your internet will be revoked after 15 minutes" and redirected to login page.

4. Now User can check their email and copy credentials from there to login into the authentication page. If failed to login then internet will be revoked else continue for the provided time. 

 

Can someone guide me with the resources and videos so i could implement this or would be grateful if someone could guide me with similar solution.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎05-26-2019 03:53 AM - edited ‎06-07-2019 11:14 AM

There is no such flow available as of now but I do have an idea. This may takes a few days to understand if possible

We do have something similar but I think your requirement is to open internet for a while so they can gather their credentials

https://community.cisco.com/t5/security-documents/ise-guest-amp-web-authentication/ta-p/3657224#toc-hId--418207379

 

 

my Quick thoughts on possible flow that might work

 

 

I was thinking if we could take the self-reg success page with login and embed some static credentials then I could make this flow work. This flow is to have self registration with timeout so user can get internet and check email for credentials. User is tied to email address for tracking. 
 
1. User comes in registers for account
2. Credentials emailed and or SMS to used
3. User clicks sign on from self-registration success sign on page. This sign on has static credentials instead of the actual credentials
4. User is logged into guest flow
5. After time user is kicked out
6. Logs in with actual credentials
7. Remember me flow in place to not require further login
 
Static user guest type with another endpoint group. Or endpoint group for internal endpoint groups. 
No registration of endpoint on initial flow
When users logs in 2nd time gets put into guest endpoint for remember me 
 
Authorization if guest endpoints then permit access 
Authorization says if temp account guest flow then permit access 10 min. Coa disconnect in the authorization profile.
If mab then redirect to guest portal 
 
Here is the scripting used:
 

Please find the script for Login and Self-Registration Success pages optional content 2.

For more information working with javascript check out how to work with customization

 

Login Page

===========

<script>

var successPage;

var gName;

setTimeout(function() {

    if(successPage && gName != null){

        successPage = false;

        document.getElementById('user.username').value = "guestuser";

        document.getElementById('user.password').value = "guestpassword";

        $('#ui_login_signon_button').click();

    }

}, 100);

</script>

 

Self-Registration Success

========================

<script>

setTimeout(function() {

    successPage = true;

    gName = $('.ui_self_reg_results_username_label').find('.ui-block-b').text();

}, 100);

</script>

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎05-26-2019 03:53 AM - edited ‎06-07-2019 11:14 AM

There is no such flow available as of now but I do have an idea. This may takes a few days to understand if possible

We do have something similar but I think your requirement is to open internet for a while so they can gather their credentials

https://community.cisco.com/t5/security-documents/ise-guest-amp-web-authentication/ta-p/3657224#toc-hId--418207379

 

 

my Quick thoughts on possible flow that might work

 

 

I was thinking if we could take the self-reg success page with login and embed some static credentials then I could make this flow work. This flow is to have self registration with timeout so user can get internet and check email for credentials. User is tied to email address for tracking. 
 
1. User comes in registers for account
2. Credentials emailed and or SMS to used
3. User clicks sign on from self-registration success sign on page. This sign on has static credentials instead of the actual credentials
4. User is logged into guest flow
5. After time user is kicked out
6. Logs in with actual credentials
7. Remember me flow in place to not require further login
 
Static user guest type with another endpoint group. Or endpoint group for internal endpoint groups. 
No registration of endpoint on initial flow
When users logs in 2nd time gets put into guest endpoint for remember me 
 
Authorization if guest endpoints then permit access 
Authorization says if temp account guest flow then permit access 10 min. Coa disconnect in the authorization profile.
If mab then redirect to guest portal 
 
Here is the scripting used:
 

Please find the script for Login and Self-Registration Success pages optional content 2.

For more information working with javascript check out how to work with customization

 

Login Page

===========

<script>

var successPage;

var gName;

setTimeout(function() {

    if(successPage && gName != null){

        successPage = false;

        document.getElementById('user.username').value = "guestuser";

        document.getElementById('user.password').value = "guestpassword";

        $('#ui_login_signon_button').click();

    }

}, 100);

</script>

 

Self-Registration Success

========================

<script>

setTimeout(function() {

    successPage = true;

    gName = $('.ui_self_reg_results_username_label').find('.ui-block-b').text();

}, 100);

</script>
0 Helpful

Go to solution
770801tvdhaar
Level 1
Level 1
In response to Jason Kunst

‎10-15-2019 04:53 AM

Hi Jason,

 

Quick question we have several scripts installed on our ISE production deployment at this stage. What happens after we upgrade do these scripts get cleared out and have to start from scratch? Or is it a simple restore from operational backups that put everything together again? Portals built in ISEPB are version dependent what happens with portals created there do these also stop working after upgrade?

 

Tyrone

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to 770801tvdhaar

‎10-22-2019 02:45 AM

this is general question not specific to this thread, please open new one if haven't already
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents