cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2694
Views
5
Helpful
3
Replies

ISE Sponsor Portal

bawagne
Cisco Employee
Cisco Employee

Hello

I have a use case where customer want to have several sponsor portals each tied to an SSID and they want to have several group of sponsors and Each sponsor group can only authenticate to her/his sponsor portal.

 

Ex:

 

Sponsor Group 1 / AD= group1 --> Sponsor Portal 1

Sponsor group 2 / AD= group2 --> Sponsor portal 2.

 

I have seen that we can tie a group of sponsor to a specific AD group, but how can i tie this sponsor group to a specific portal.

 

Many Thanks

Babacar

 

1 Accepted Solution

Accepted Solutions

I'm not sure there is a way to do what you are asking unless you use completely different Identity Stores (e.g. AD for one, LDAP/Internal for the other; separate AD Join Points, etc) for the separate Sponsor Portals.

You restrict Sponsor logins using secondary attributes by pointing ISE back to itself as per this ISE Sponsor & My Devices Authorization on Secondary Attributes (LDAP)  document, but I cannot see a way to differentiate between the different Sponsor Portals in the AuthZ Policy.

View solution in original post

3 Replies 3

Hi,

You can do this using authorization policies. Match AD groups and use the
referenced sponsor portail as authorization policy result

**** please remember to rate useful posts

Hello Mohammed 

Many Thanks for your feedback.

Please can you give more details on where you define this policy for the sponsor.

Best REgards,

Babacar

I'm not sure there is a way to do what you are asking unless you use completely different Identity Stores (e.g. AD for one, LDAP/Internal for the other; separate AD Join Points, etc) for the separate Sponsor Portals.

You restrict Sponsor logins using secondary attributes by pointing ISE back to itself as per this ISE Sponsor & My Devices Authorization on Secondary Attributes (LDAP)  document, but I cannot see a way to differentiate between the different Sponsor Portals in the AuthZ Policy.