12-19-2018 12:41 AM
Hi,
I want to restrict AD group (VIPUserMAB) on guest self-reg portal with remember me option enabled; how can i do this?
is it possible?
12-19-2018 04:08 AM
12-19-2018 08:51 AM
The problem you are going to run into is that the authentication is for the endpoint and not the user since user credentials are not apart of the MAB process. The way you currently have policy configured is to allow any MAC address in the VIPUserMAB endpoint identity group will receive the GuestPermit authorization result (if you were to enable it). There is no username component to the authorization rule and because the use case is wireless MAB, you won't receive a username. Just the MAC address.
Regards,
-Tim
12-19-2018 03:19 PM
@Timothy Abbott is correct. there is no way to mix REMEMBER ME based of MAB endpoint group and Active directory group.
There is a way to do it but its a little crude.
Check out special flows
12-26-2018 11:59 PM
@Jason Kunst wrote:
@Timothy Abbott is correct. there is no way to mix REMEMBER ME based of MAB endpoint group and Active directory group.
There is a way to do it but its a little crude.
which one?
12-27-2018 01:18 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide