Good evening! I've set up our Guest self registration portal. It works great! Only two items that are plaguing me right now. When the user self registers, the sponsor receives the email to Approve or Deny. The sponsor clicks "Approve", which brings me to the first issues. It asks the sponsor to authenticate to the sponsor portal. I did read, and go through the single click approval guide. I have the correct sponsor portal set up, with the correct identity source sequence. My AD is registered in ISE, and is a part of the identity source sequence. The users that are approving are a part of AD. Within the self registration portal, the sponsor has to approve the guest registration. Once the sponsor does authenticate, the guest sees the approval go through, on their screen. At that time the guest has to accept the AUP, before it will let them on. At that point, they're on, and it redirects them to our company page. Once the user gets on, I have my second issue; the sponsor receives a web page that says, "Link is invalid. Please sign on to the sponsor portal to approve/deny guests."; even though the guest has already been approved. I've read that it could be due to our company logo being added. I've removed our company logo, but still the same issue is happening. I've read that in version 2 there is a bug. I would've assumed that this was fixed going into version 3. Anyone have any success at correcting these two issue? Thanks!
I know this is going to sound super weird, but I have been working on the same issue, same ISE version as well. However, it started working and the only thing I changed was getting ISE to email externally. All I can think of is something in the token with how I was currently utilizing email within ISE was causing an issue.
That is interesting! I opened a TAC case, and they were able to reproduce the error in their lab. From what TAC told me, they’re going to create an update to address the issue; but I’m going to try your suggestion.