Solved: ISE Sponsor Portal

bawagne · ‎09-29-2020

Hello

I have a use case where customer want to have several sponsor portals each tied to an SSID and they want to have several group of sponsors and Each sponsor group can only authenticate to her/his sponsor portal.

Ex:

Sponsor Group 1 / AD= group1 --> Sponsor Portal 1

Sponsor group 2 / AD= group2 --> Sponsor portal 2.

I have seen that we can tie a group of sponsor to a specific AD group, but how can i tie this sponsor group to a specific portal.

Many Thanks

Babacar

Greg Gibbs · ‎09-30-2020

I'm not sure there is a way to do what you are asking unless you use completely different Identity Stores (e.g. AD for one, LDAP/Internal for the other; separate AD Join Points, etc) for the separate Sponsor Portals.

You restrict Sponsor logins using secondary attributes by pointing ISE back to itself as per this ISE Sponsor & My Devices Authorization on Secondary Attributes (LDAP) document, but I cannot see a way to differentiate between the different Sponsor Portals in the AuthZ Policy.

View solution in original post

Mohammed al Baqari · ‎09-29-2020

Hi,

You can do this using authorization policies. Match AD groups and use the
referenced sponsor portail as authorization policy result

**** please remember to rate useful posts

bawagne · ‎09-30-2020

Hello Mohammed

Many Thanks for your feedback.

Please can you give more details on where you define this policy for the sponsor.

Best REgards,

Babacar

Greg Gibbs · ‎09-30-2020

I'm not sure there is a way to do what you are asking unless you use completely different Identity Stores (e.g. AD for one, LDAP/Internal for the other; separate AD Join Points, etc) for the separate Sponsor Portals.

You restrict Sponsor logins using secondary attributes by pointing ISE back to itself as per this ISE Sponsor & My Devices Authorization on Secondary Attributes (LDAP) document, but I cannot see a way to differentiate between the different Sponsor Portals in the AuthZ Policy.