02-08-2018 04:21 AM
Hello ISE Community,
I have a Bank customer that is using a CRM for its customers.
They want to use the account number and Date of Birth in order to authenticate them with the ISE Guest services.
This bank has around 10M customers.
Question1:
Guest Local DB scalability on the 3415/95 on ISE2.3.
Question2:
Can we use the ERS API in order to either take the information of a user based on his bank account and populate the
ISE local DB in order to validate the user authentication before granting access?
Question3:
Are you aware of any customer that is using this kind of integration with a CRM in order to validate user information
Before granting acess?
If yes what would be the best way to do it.
I know that we do not support external DB AUth for guest user.
Best Regards,
Babacar
Solved! Go to Solution.
02-08-2018 04:35 AM
You will likely have more exposure to this under the Public Community would recommend moving it there with my answer or I can do that
http://cs.co/ise-community
Question 1 is answered in our performance and scale section
https://communities.cisco.com/docs/DOC-68347
Question 2 yes this might be possible depending on how you setup the username and password policy
Question 3 is likely but people don’t share examples
How about instead having ISE lookup information via ldap server that is populated with the correct username and password? This will likely scale, maybe the CRM can do this?
Another way would be to have the user onboard themselves when they come in, hit a registration portal front end before connecting to guest or something in a flow that would create the account for them
Either way would have to be setup in lab and validate your options with partner
02-08-2018 04:35 AM
You will likely have more exposure to this under the Public Community would recommend moving it there with my answer or I can do that
http://cs.co/ise-community
Question 1 is answered in our performance and scale section
https://communities.cisco.com/docs/DOC-68347
Question 2 yes this might be possible depending on how you setup the username and password policy
Question 3 is likely but people don’t share examples
How about instead having ISE lookup information via ldap server that is populated with the correct username and password? This will likely scale, maybe the CRM can do this?
Another way would be to have the user onboard themselves when they come in, hit a registration portal front end before connecting to guest or something in a flow that would create the account for them
Either way would have to be setup in lab and validate your options with partner
02-08-2018 09:24 AM
I think this was similar to another post. I definitely wouldn't program banking numbers into ISE guest database. I would look to have a kiosk or something in the branches. The kiosk runs a customer web interface that asks the user to provide their bank account number and date of birth. The web program then validate the information against the CRM. Once validated the application pulls the user's first name and last name from the CRM. The program then uses ISE API to create a guest account using the first name/last name and then supplies the guest sign in information to the user.
I wouldn't scaling would really come into play. The bank may have 10M customers, but I would bet less than 10K would actually uses guest wireless. How many customers go to bank branches these days? How many actually stay long enough where they would wonder "Do they have guest wifi here?".
02-08-2018 10:31 AM
Agree, even if you did hit the 1 million accounts you could always set them for a day or a week of access and then when the default 90 day purge of guest accounts hit it should keep below that mark
02-12-2018 12:56 AM
Many Thanks Jason, Paul,
I do agree that going from the CRM to ISE and only create accounts that have been requested by Guest is the most scalable way of handling the bank customers.
I Will discuss with the customer to see how a portal linked to the CRM is feasible and then linked it to the ISE API
in order to create the accounts.
Many Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide