
ISE 1.4 Portal flows

vballapu
Cisco Employee

Hello,

Customer is referring to this doc:

http://www.cisco.com/c/dam/en/us/td/docs/security/ise/how_to/HowTo-97-Create_Custom_Guest_Success_Pages_by_Active_Directory_Group_with_ISE_12.pdf

ISE Ver: 1.4

Customer is looking to do something very similar to what is explained below. The only problem is that the Portal Flows have changed between 1.2 and 1.3. We are running 1.4 and trying to find out if it's possible.

http://www.cisco.com/c/dam/en/us/td/docs/security/ise/how_to/HowTo-97-Create_Custom_Guest_Success_Pages_by_Active_Directory_Group_with_ISE_12.pdf

In short, provide the ability for certain users, but not all, to register devices.

Is it possible to have different portal behaviors after performing central web auth? Customer would like to have sponsored accounts automatically register their devices, but I don’t want this behavior for an AD group that logs into CWA. Additionally, I would like the registered devices to be removed when the sponsored account expires or is deleted. All this functionality is there, but making it all work together is the question.

Accepted Solutions

Jason Kunst
Cisco Employee

You cannot specify which types of guests register or can't register the devices; this is set per portal.

Screen Shot 2016-03-04 at 3.19.40 PM.png

Make sure to set up the guest type for employees to use a different endpoint group than the guest type for guests.

Screen Shot 2016-03-04 at 3.37.07 PM.png

Set in the portal settings config.

Screen Shot 2016-03-04 at 3.33.25 PM.png

You can, however, decide on how you're going to use the registered devices in the authz rule, so employees have to always go through the web auth flow but guest authorization is based off endpoint group.

Replace permit access with guest-permit authz profile.

Screen Shot 2016-03-04 at 3.30.09 PM.png
