Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1737
Views
0
Helpful
3
Replies

ISE 2.2 guest features...."Supported with internal & AD/LDAP email address"

Go to solution
bechong
Cisco Employee
Cisco Employee

‎04-12-2017 12:31 PM

In the slide below, what does “Supported with internal & AD/LDAP email addresses? Does this mean the email of the Person being visited will be verified against AD/LDAP? So Guest cannot simply enter JohnDoe@XYZ.com if they implement the Self-Registration workflow?



ISE2.2 guest.png

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎04-12-2017 01:12 PM

This means when you enable single click sponsor approval it will validate that the person being visited email address belongs to a valid sponsor

This flow will only work for those sponsors in active directory LDAP or internal use your account it will not work for the SAML

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎04-12-2017 01:12 PM

This means when you enable single click sponsor approval it will validate that the person being visited email address belongs to a valid sponsor

This flow will only work for those sponsors in active directory LDAP or internal use your account it will not work for the SAML

0 Helpful

Go to solution
bechong
Cisco Employee
Cisco Employee

‎04-12-2017 07:01 PM

Thanks Jason,

Is there email validation if it is a self-registration flow?

Guest user completes the form but fills in an invalid email of the Person being visited. This flow doesn't require approval, but there is still a required email field of the Person being visited. Is this email validated against AD/LDAP?

The customer is considering enabling the self-registration flow with no approval required, but doesn't want any person to be sitting in parking lot within RF range of the Guest SSID and able to complete the self-registration process with a bogus email address.

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to bechong

‎04-13-2017 04:24 AM

NO there is no lookup of the person being visited  less using single click

frankly I don't see the value as someone could easily find a company email address unless it was limited to a select few accounts even then it's better to use approval for that

instead why not use the self registration page access code to protect the portal?

if customer insist on having directory lookup with approval then please work offline with me by sending customer name as we have it on a list of features

0 Helpful
Customers Also Viewed These Support Documents