Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1765
Views
0
Helpful
2
Replies

ISE Authenticated Guests Count

Go to solution
Not applicable

‎07-03-2017 09:02 PM - last edited on ‎03-11-2019 12:49 AM by

Hi,

I'm wondering if there is information available on how ISE counts guest users as displayed on the homepage under 'Authenticated Guests'.

I'm using a self-registered guest portal, following documentation here :

http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html

It seems in my initial testing that when a user successfully logs into the guest portal, the count is incremented.

In order to avoid multiple portal logins if a user disconnects their session, I have a second rule that uses a guest endpoint identity group.

When the user hits this rule, and doesn't login to the web portal, it seems the authenticated guests count is not incremented.

Could someone confirm how the count is expected to work, does it require a web portal login and if so is there is a way to include sessions matching a guest endpoint identity group as well?

Just the count is a little misleading as there are more authenticated guests than presented.

Cheers.

2 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
lrojaslo
Cisco Employee
Cisco Employee

‎05-27-2021 12:05 PM

During Guest process, if the endpoint is required to go over Guest flow process (portal pop up) this will be count as new Guest authentication and counter will increase, however, based on accounting stop messages previous session should be released to avoid multiple sessions opened for same endpoint.

 

The reason why you don't see the increase hitting the rule with identity group is because you are not going over Guest flow this time, because your endpoint is already assigned to a group and authentication is not using Guest condition and portal is not displayed.

 

Make sure accounting is properly configured and you are not having multiple sessions open for same endpoint.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
samuel.heinrich
Level 1
Level 1

‎05-27-2021 02:45 AM

/push

 

I'm have this question too.

 

in my case we are using external webauth, means the WLC is redirecting clients to the ISE sponsored guest captive portal, where they can login with their credentials, which were previously created from a sponsor.

after authentication was successful, clients have to reconnect to eventually get authenticated via MAB endpoint check. 

 

unfortunately the ISE those not reflect the guest authentication or in other words guest enpoints connected via MAB in the dashboard.

 

it would be pretty convenient to configure this via policy result, so that i can choose if a session was created by a specific authz rule, it gets marked with "authenticated guest, same goes for "byod" if you simple to peap/mschap für boyds.

0 Helpful

Go to solution
lrojaslo
Cisco Employee
Cisco Employee

‎05-27-2021 12:05 PM

During Guest process, if the endpoint is required to go over Guest flow process (portal pop up) this will be count as new Guest authentication and counter will increase, however, based on accounting stop messages previous session should be released to avoid multiple sessions opened for same endpoint.

 

The reason why you don't see the increase hitting the rule with identity group is because you are not going over Guest flow this time, because your endpoint is already assigned to a group and authentication is not using Guest condition and portal is not displayed.

 

Make sure accounting is properly configured and you are not having multiple sessions open for same endpoint.

0 Helpful
Customers Also Viewed These Support Documents