Solved: Re: SELF-REGISTERED GUEST NOT REQUIRED TO LOGIN

kajibola · ‎11-24-2017

I am currently deploying ISE for a client. The client want a situtation whereby guest go through the process of self-registration and to have access immediately after the registration is submitted. No need to login at all. I don't see this possible with self-registration, any idea or option.

Thanks.

Jason Kunst · ‎11-24-2017

That’s available like I said in my response

Set up guest registration with login button on the self reg success page and automatic endpoint registration

Authorization rules

If wireless mab and guest endpoint then permit guest access

If wireless mab then redirect to self reg page

View solution in original post

Jason Kunst · ‎11-24-2017

Yes under the self registration portal settings

On the self reg success page allow user to login

This will give them a button to login after they are done with registration

kajibola · ‎11-24-2017

The client just want guest to have access after registration without needing to type in username and password.

Only registration is required for internet access, login is not wanted.

Jason Kunst · ‎11-24-2017

That’s available like I said in my response

Set up guest registration with login button on the self reg success page and automatic endpoint registration

Authorization rules

If wireless mab and guest endpoint then permit guest access

If wireless mab then redirect to self reg page

kajibola · ‎11-25-2017

@Jason

Allowing guest to be directed to self registration success page allows them to sign-on without needing any login (since approval have been disabled).

Also setting a condition of EndPoints:LastAUPAcceptanceHours LESS 12 to deny and setting guest type to have access only within 8am to 6pm restric guest to only have the free internet access or register through the self-reg portal once in a day.

Thanks.

Jason Kunst · ‎11-25-2017

under self registration success page portal settings you can allow user to login directly without any credentials

to set the access times you do that under the guest type

im not sure what you’re trying to accomplish with the last aup acceptance , what you’re setting doesn’t make sense to me as someone would always hit that rule of last accepted under 12 hours, pleased explain

kajibola · ‎11-26-2017

1. Guest login in directly after registering have been achieved by directing guest to self-registration success page after registering.

2. Guest can only access the network during 8am to 5pm, Monday through Friday. This was set under guest type.

3. The self-registration guest was assigned to a guest type of 20 minutes access.

4. Customer wants guests to be able to use the 20 minutes access once in a day. Meaning once you register on the portal, you only have 20 minutes access after which you will be disconnected from the network. The customer don't guest to register again and have another 20 minutes access within same day.

5. Setting the AUP policy of not less than 12 hours means if you register on the guest portal and get your 20 minutes access. After the expiry of the 20 minutes access you can't successfully re-register to have another 20 minutes access. If you try doing this you will hit the AUP policy which will deny you because you have accepted an AUP during the first 20 minutes session which is not up to 12 hours. This means you can't have the second 20 minutes access until the time you accepted the first AUP is equal or greater than 12 hours.

If you are registering for the first time in a day, you wont hit the AUP policy.

You will only hit the AUP policy if you are registering the second time in same day.

With this policy guests can only enjoy the 20 minutes access once in a day.

Hope am able to explain it well.

Thanks.

Jason Kunst · ‎11-26-2017

Yes sounds fine please test it out

Also see http://cs.co/ise-community

Guest & web auth section

Sounds like the following link

https://communities.cisco.com/thread/65972