ISE Guest Authentication only with email address

pemasirid · ‎11-10-2013

Hi,

I want to know is there an option to use ONLY the email address as an authentication credential for Guest user authentication using Guest Protal and this should be done only with Self Registration not with Sponsored accounts.

Appreciate if someone has done this and advise us how to achieve this.?

thanks

Saurav Lodh · ‎11-11-2013

The exact scenario explained above is unachievable , however a little different from that can be achieved , see below

New Features in Cisco ISE Version 1.2.0.899—Cumulative Patch 2

Support for Guest Self-Registration Based on Email Domain Whitelist

You can allow guests to create their own accounts by enabling the self-service feature by choosing: Administration > Web Portal Management > Settings > Guest > Multi-Portal Configurations > Operations > Guest users should be allowed to do self service. When you enable this feature, the account credentials display on the screen, and they are also emailed to the email address used to create the account.

You can restrict this feature by limiting guests' ability to create their own accounts based on their email domain. By creating an email domain whitelist, you can ensure that only guest users with email accounts on those domains can create guest accounts.

To prevent the account credentials from displaying on the screen, you must create a custom portal when using an email domain whitelist. These steps provide an overview:

1. Create a custom portal, following these guidelines:

–Add a required email field and an acceptable use policy (AUP) page to the Self-Registration html file. See the "Sample Code for Sponsor and Guest Portal Customizations" appendix in the Cisco Identity Services Engine User Guide, Release 1.2 for a sample file.

–Add text to refer users to their email for their login credentials on the Self-Registration Results html file. See the "Sample Code for Sponsor and Guest Portal Customizations" appendix in the Cisco Identity Services Engine User Guide, Release 1.2 for a sample file.

–Map the Login file to the Self-Registration page. See the "Mapping HTML Files to Guest Portal Pages" section in the Cisco Identity Services Engine User Guide, Release 1.2 for detailed instructions.

2. Configure the SMTP server to support notifications (Administration > System > Settings > SMTP Server).

3. Specify the default e-mail address from which to send all guest notifications. (Administration > System > Settings > SMTP Server and choose Use Default email address).

4. Create the email domain whitelist. See the "Restricting Self-Registration Based on Email Domain" section.

5. Customize the self-registration credentials email message. See the "Customizing the Self-Registration Credentials Email" section.

6. Customize the self-registration failure message. See the "Customizing the Self-Registration Failure Message" section

pemasirid · ‎11-11-2013

Hi Saurav,

Many thanks for your reply with the details, this will diffinitely help me to have some workaround for the requirement. However it is good that created email address, you able to use at the same time without sending it to receive on somewhere to because even to receive the email it is require the guest user to access email.

This is what I understand from the above steps but I need to go through complete, correct me if I understood wrongly.

Many thanks again for your response.

mbilgrav · ‎12-02-2013

you can specify that the email address must be used as username.

But you still need a password aswell.

If you want to disable passwords for guest, you really dont need authentication, do you ?

Gaj Ana · ‎05-08-2014

Hi

Did you get this working? I tried using the self registration page but email never worked.

using ise 1.2 with patch 7

Thanks

G