cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1653
Views
3
Helpful
11
Replies
vishrana
Cisco Employee

ISE Guest Sponsor Portal Customization - hide email for ApproveButton Pop-up message

Hi all,

I am trying to create a customized Sponsor Portal based on the customer's requirement. One of the requirement is to not allow the sponsor to put in their email address when they click on the Approve button in Pending Accounts tab (Please see the Screenshot for reference). Is there a way  to just approve the account once the sponsor clicks on the Approve button - without asking for confirmation?

If not than hiding the Sponsor's Email address input field in the Approval Pop up will also work.

SponsorApproval.JPG

Thanks,

Vishal Rana

1 ACCEPTED SOLUTION

Accepted Solutions

Hi Serhii,

This is Great!

I test the script, it disables the sponsor's email address input field.

However if I include the line "$('#approveForm input').val('aaaaa@aa.aa');" it changes the current sponsor's email id. I cannot give a specific email-id in the script. So instead I removed that line, which gives me the default value of the sponsor's email id (Extracted from the AD/LDAP) when the Approve message pops-up - Not allowing the sponsor to edit the field.

I am going to use this script for now. Thanks a ton!

<script>

setTimeout(function() {

    $('[href="#approve"]').on('click', function() {

        $('#approveForm input').prop('disabled', 'true');

    });

}, 4000);

</script>

View solution in original post

11 REPLIES 11
Jason Kunst
Cisco Employee

The sponsor email address has to be validated as who the approval is coming from when the email i sent. This I believe is for the 1st approval but subsequent approvals doesn't ask for the sponsor email address correct?

Hi Jason,

It asks for the sponsor's email address each time sponsor clicks on approve button. Also, Is it really necessary for the sponsor to validate his/her email address?? The email id of the sponsor is attached to the username based on AD/LDAP and that is the reason the input field is populated with the sponsor's email address (user currently login to the sponsor portal) when the Approval confirmation pop's up.

The issue is the sponsor can edit the email!

Considering the Sponsor-Group configured is "OWN_ACCOUNTS"

So what I noticed is - if the sponsor changes the email address in the approval confirmation field, the username is tied to the updated email address. Which is a problem because the next time the user will login to the sponsor portal he/she will see the pending request which is for the updated sponsor email-id. ISE keeps record of username with updated email id (Verified in the sponsor audit log and also tested out the same).

So that is the reason it would be better if sponsor's are restricted to edit their email address field during Approval.

Thanks & Regards

Vishal Rana

The reason why is if there email changes then they will need to update it

I will see if we can script something that will automate clicking of that button

That would be great! I really appreciate your help.

Thanks & Regards

Vishal Rana

Hi Vishal,

Could you please try to use that script?

You should insert it in Instructional text of 'Sponsor portal settings'.

Script will disable input.

Also you need to change Sponsor's e-mail ( it's a sponsor's emailaaaaa@aa.aa').

<script>

setTimeout(function() {

    $('[href="#approve"]').on('click', function() {

        $('#approveForm input').val('aaaaa@aa.aa');

        $('#approveForm input').prop('disabled', 'true');

    });

}, 4000);

</script>

Hi Serhii,

This is Great!

I test the script, it disables the sponsor's email address input field.

However if I include the line "$('#approveForm input').val('aaaaa@aa.aa');" it changes the current sponsor's email id. I cannot give a specific email-id in the script. So instead I removed that line, which gives me the default value of the sponsor's email id (Extracted from the AD/LDAP) when the Approve message pops-up - Not allowing the sponsor to edit the field.

I am going to use this script for now. Thanks a ton!

<script>

setTimeout(function() {

    $('[href="#approve"]').on('click', function() {

        $('#approveForm input').prop('disabled', 'true');

    });

}, 4000);

</script>

View solution in original post

This is great can you please let us know how the flow will work in future? Seems like there Is a bug if a user changes their email address?

Perhaps we can somehow make this whole thing better? I am thinking that the sponsor would only be asked once to validate their email and future they would change it in the upper right as a setting?

Jason,

It seems like a bug to me as well, what if somebody mistakenly enters incorrect email? There is noway they will figure out why they don't see the pending accounts requests next time a guest account is requested to that sponsor for approval (Considering OWN_ACCOUNTS was set as a sponsor group). Surely we can make this thing better. My suggestion is we can have a settings gear for the sponsor portal where users can edit their profile only to some extent (for example- email address).

Anyways, this is how the flow will be after adding the script:

Sponsor will login to the sponsor portal > Click on the 'Pending Accounts' tab > selects the pending guest account from the list and click on Approve button> Approval confirmation pops-up > [Although 'Sponsor's Email address' input text field is disabled, Sponsor can see their email address that is in the database(AD/LDAP/LOCAL - based on the user)] Sponsor clicks on 'OK' to approve without modifying anything. (Please refer below image).

SponsorApproval-Correction.JPG

Please open bug

How come you’re not using single click approval

Haha.. I am Glad you asked that!

Customer do not want to use one click approval, so instead of the approval link I added the sponsor portal URL link in the email sent to the sponsors. The customer wants the sponsors to login and go to pending accounts to see the request and than approve it, but they don't want the users to edit the sponsor's email address during approval.

Just following orders!

Seems like we have 2 issues here

One if the sponsor changes their email then they could have accounts assigned to old and new email addresses? That’s a bug to me as there should be some key to track that

The other issue is you want a script to hide the user from changing this box? And for it to click automatically? What happens if they truly need to change their email?

Content for Community-Ad