is that post upgrade?

try to use the 'Editor'  to find the attribute.

Hi

It is a fresh install of the FCS code.

I see no UseCase option (with no filters). In fact the only options available are the ones bellow...

Your screenshot looks like from the conditions studio for authentication policy rules. If that is the case, it's expected not having NA.UseCase, as such attribute will not work correctly during authentication evaluation.

In fact, my intention is to use "Network Access:UseCase EQUALS Guest Flow" as the selection criteria to choose Captive Portal authentication in the Policy section, as I have been doing from the first ISE version that supported Policy Sets many years ago...

ISE 2.3 (where I cannot use "Network Access:UseCase EQUALS Guest Flow"):

ISE 2.2 (and previous) were I could use "Network Access:UseCase EQUALS Guest Flow"):

Any other alternative?

Thanks

The attribute has been removed as a fix for CSCvc98033 and ISE 2.3 is the only shipping release with this fix.

It's not common to use such attributes for authentications as they would only work for re-auth of an existing session and their existence causes confusion to customers.

I do not see any workaround other than for you to re-design the policy sets and moving that inside of an policy set and under authorization.

I agree with Hsing. The session is not considered a guest flow until after authentication. This means you would have the same session using two different policy sets. This document has a good description for how that use case is intended to be used: https://supportforums.cisco.com/document/110031/central-web-authentication-cwa-guests-ise This is another page with a similar description: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200273-Configure-ISE-Guest-Temporary-and-Perman.html

Essentially that is correct.