Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2190
Views
15
Helpful
5
Replies

ISE 3.0.0.458 Single Click Approval Not Working

Dan Man
Beginner
Beginner

‎10-21-2020 07:34 PM

Good evening!  I've set up our Guest self registration portal.  It works great!  Only two items that are plaguing me right now.  When the user self registers, the sponsor receives the email to Approve or Deny.  The sponsor clicks "Approve", which brings me to the first issues.  It asks the sponsor to authenticate to the sponsor portal.  I did read, and go through the single click approval guide.  I have the correct sponsor portal set up, with the correct identity source sequence.  My AD is registered in ISE, and is a part of the identity source sequence.  The users that are approving are a part of AD.  Within the self registration portal, the sponsor has to approve the guest registration.  Once the sponsor does authenticate, the guest sees the approval go through, on their screen.  At that time the guest has to accept the AUP, before it will let them on.  At that point, they're on, and it redirects them to our company page.  Once the user gets on, I have my second issue;  the sponsor receives a web page that says, "Link is invalid. Please sign on to the sponsor portal to approve/deny guests."; even though the guest has already been approved.  I've read that it could be due to our company logo being added.  I've removed our company logo, but still the same issue is happening.  I've read that in version 2 there is a bug.  I would've assumed that this was fixed going into version 3.  Anyone have any success at correcting these two issue?  Thanks!

0 Helpful
5 Replies 5

Dan Man
Beginner
Beginner

‎11-24-2020 09:06 PM

No thoughts?  TAC can’t seem to figure this out.  Customer is on the verge of scrapping ISE in favor of ClearPass

0 Helpful

Aref Alsouqi
VIP Collaborator VIP Collaborator
VIP Collaborator
In response to Dan Man

‎11-25-2020 03:03 PM

Seems like it is a buggy behaviour. I would try to ask TAC to escalate the case.

0 Helpful

tellis002
Beginner
Beginner

‎02-04-2021 07:53 AM

I know this is going to sound super weird, but I have been working on the same issue, same ISE version as well.  However, it started working and the only thing I changed was getting ISE to email externally.  All I can think of is something in the token with how I was currently utilizing email within ISE was causing an issue.  

 

 

Dan Man
Beginner
Beginner
In response to tellis002

‎02-04-2021 09:19 AM

That is interesting! I opened a TAC case, and they were able to reproduce the error in their lab. From what TAC told me, they’re going to create an update to address the issue; but I’m going to try your suggestion.

tellis002
Beginner
Beginner
In response to Dan Man

‎02-04-2021 09:40 AM

O nice, very interesting.  Well I will watch out for that update then as well.  

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents