cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

505
Views
0
Helpful
2
Replies
stucke01
Beginner

ISE - Sponsor Portal - Delegate

Today we have deployed guest wireless to all of our facilities using ISE - Sponsor Portal.  Our steps are as followed:

1.) User connects their device to our guest SSID.  They are presented with a username and password, which they do not have yet.

2.) They click on the hyperlink that says, "Register for guest access"

3.) The Visitor has to fill out the following:

First Name*

Last Name*

Email address*

Phone Number

Company*

Time Zone*(provided drop down list)

Person being visited (email) Not your own*

Reason for visit

Then they click register

 

4.) An email is then sent to the person's e-mail that the visitor stated above.

5.) Employee receives the e-mail and either accepts or denies.  If accepted, the employee is re-directed to our company Sponsor Portal page requesting the employee's LAN credentials to approve.

6.) Then the visitor recieves their username and password to their e-mail account.

 

 

Here is where I need help.  All of our sites are using this system, except for our WHQ.  Our executive staff is not going to want to allow or deny visitors as they arrive, they are going to want their AA (administrative assistance) to handle that for them.  Is there a way in ISE to re-direct the Guest Approval Request e-mail to go to the administrative staff instead of the Executive member, without the visitor specifying that it must go to the AA?

1 ACCEPTED SOLUTION

Accepted Solutions
RichardAtkin
Participant

In the portal you can make it send all of the access reqeust e-mails to a particular account (ie, your Administrative staff), but you can't enable that at the same time as having the e-mail get sent to a nominated individual.  The solution is to spin up (duplicate) a second portal, that is identical in every way apart from that one setting.  Once you have the portal setup, you can direct Users to it by creating a new condition/authorisation policy that looks for AP Group as well as SSID in the called-station-ID.

 

You may need to update the RADIUS Authentication Called-Station-ID format in the WLC for this to work as it does not default to including the AP Group...

 

Job done.

View solution in original post

2 REPLIES 2
RichardAtkin
Participant

In the portal you can make it send all of the access reqeust e-mails to a particular account (ie, your Administrative staff), but you can't enable that at the same time as having the e-mail get sent to a nominated individual.  The solution is to spin up (duplicate) a second portal, that is identical in every way apart from that one setting.  Once you have the portal setup, you can direct Users to it by creating a new condition/authorisation policy that looks for AP Group as well as SSID in the called-station-ID.

 

You may need to update the RADIUS Authentication Called-Station-ID format in the WLC for this to work as it does not default to including the AP Group...

 

Job done.

hslai
Cisco Employee

Adding to Richard's...

Many email systems let us set delegation and inbox rules to organize or forward based on conditions. You might want to consider such, as an alternative.

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube