bawagne
Cisco Employee

ISE Sponsor Portal

Hello

I have a use case where the customer wants to have several sponsor portals, each tied to an SSID, and they want to have several groups of sponsors, and each sponsor group can only authenticate to her/his sponsor portal.

 

Ex:

 

Sponsor Group 1 / AD= group1 --> Sponsor Portal 1

Sponsor group 2 / AD= group2 --> Sponsor portal 2.

 

I have seen that we can tie a group of sponsors to a specific AD group, but how can I tie this sponsor group to a specific portal?

 

Many Thanks

Babacar

 

Accepted Solutions

I'm not sure there is a way to do what you are asking unless you use completely different Identity Stores (e.g. AD for one, LDAP/Internal for the other; separate AD Join Points, etc) for the separate Sponsor Portals.

You restrict Sponsor logins using secondary attributes by pointing ISE back to itself as per this ISE Sponsor & My Devices Authorization on Secondary Attributes (LDAP) document, but I cannot see a way to differentiate between the different Sponsor Portals in the AuthZ Policy.

3 REPLIES
Mohammed al Baqari
VIP Advisor

Hi,

You can do this using authorization policies. Match AD groups and use the referenced sponsor portal as authorization policy result.

**** please remember to rate useful posts

Hello Mohammed 

Many Thanks for your feedback.

Please can you give more details on where you define this policy for the sponsor.

Best Regards,

Babacar
