Solved: ISE: Duration of Registered Guest Devices vs. Guest User Account

christian.faessler · ‎08-26-2021

Hi

I would like to keep the MAC address of the registered devices for a longer period (in the endpoint identity group) than the guest user account is valid.

Background: We want the clients to be registered for one year but the user account should only be valid for a week because no one will remember the password for a year. Do you have a solution for this situation?

Cheers,

Christian

Greg Gibbs · ‎08-26-2021

The Reset Password option is available from the Manage Accounts page in the Sponsor Portal, as long as the Sponsor is a member of a Sponsor Group that has the "Reset guests' account passwords" permission enabled.

You can also require guests to change their passwords after a certain number of elapsed days from first login by configuring the "Password must be changed every X days" option on the Work Centers > Guest Access > Settings > Guest Password Policy page.

View solution in original post

Milos_Jovanovic · ‎08-26-2021

Hi @christian.faessler,

Yes, you can keep endpoint devices for a longer period, it depends on your endpoint purge policy.

You could create an account with duration of 1 year, and you would have an option to reset its password, should there be a need.

BR,

Milos

christian.faessler · ‎08-26-2021

Hi Milos

Thanks for your reply. In my tests the MAC address is always removed from the endpoint identity group as soon as the user account expires or is deleted. How can I get the address to stay regardless of the user account situation?

The 'password reset' option is a good idea. How can I add this option to the 'guest login' page?

Cheers,

Christian

Milos_Jovanovic · ‎08-26-2021

Endpoints should be subject of the purge endpoints policy. Please check yours under Administraton / Identity Management / Settings / Endpoing Purge. I'm not aware that endpoints are deleted along with expired users (although I never investigated this myself).

You should configure this under Guest portal. You can also reset password as Sponsor.

BR,

Milos

christian.faessler · ‎08-26-2021

Hi Milos

Thanks again. The trick with the Endpoint Purge ruled works fine but there is one important thing to know. As long as no purge rule exists, the MAC address will be purged from the Endpoint Group when the user account is either deleted or expired. As soon as a rule has been defined, the MAC address in the endpoint group will outlast the user account duration.

I could not find the 'password reset' feature though. Could you let me know where exactly I can find this setting?

Cheers,

Christian

Greg Gibbs · ‎08-26-2021

The Reset Password option is available from the Manage Accounts page in the Sponsor Portal, as long as the Sponsor is a member of a Sponsor Group that has the "Reset guests' account passwords" permission enabled.

You can also require guests to change their passwords after a certain number of elapsed days from first login by configuring the "Password must be changed every X days" option on the Work Centers > Guest Access > Settings > Guest Password Policy page.

christian.faessler · ‎08-26-2021

Hi Greg

Thanks for the explanation. I somehow expected to have an option for a 'forgot password' link/button on the login page where the guest user can request the password to be resend to his email address. This is implemented on almost every website where a login is required.

I probably have to send in a feature request this.

Cheers,

Christian