Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
406
Views
0
Helpful
5
Replies

Sponsor user able to see all the other sponsor groups by default

MaErre21325
Level 1
Level 1

‎08-07-2024 01:28 AM

Hello,

i deployed a cisco ise 3.1.0.518 Patch 8 and setup the sponsor portal to allow the creation of guest users.
I have 3 sponsor groups: 

  • Guest_Sponsor_3days  ---> can create account of 3 days duration
  • Guest_Sponsor_7days ---> can create account of 7 days duration
  • Guest_Sponsor_90days ---> can create account of 90 days duration

These 3 groups are referenced in AD in order that only a user in AD can create a guest account with the settings he hinerits based on his sponsor group.

The issue is that either a user belonging to 3 days or 7 days when creating the guest user can select the 90 days group profile although the 3 or 7 days sponsor group configurations is correct.

So the 3days sponsor user can see 3days and 90days option, the 7 days sponsor user can see 7days and 90days option.
the 3days and 7days are not able to see each other (that's why i'm thinking the configuration is correct).

Furthermore, all other users not included in the 3 AD groups are able to create the guest user with the  90days sponsor settings.
I think there may be a default option but if it is, i can't find it, or it may be a possibile bug?

In attachment the configuration of the 3days group.

Any advise is really appreciated.
Thank you

 

 

 

Preview file
95 KB
0 Helpful
5 Replies 5

Arne Bier
VIP
VIP

‎08-07-2024 07:00 AM

Have a look in each one of your three Sponsor Groups, what is the setting for "Sponsor Can Manage" - by default, the setting is "All guest accounts" - that might be the issue. It sounds like you want "Accounts created by members of the sponsor group" ? 

ArneBier_0-1723039167399.png

 

0 Helpful

MaErre21325
Level 1
Level 1
In response to Arne Bier

‎08-07-2024 07:15 AM

Hi @Arne Bier 
was thinking about it too, but even selecting "Accounts created by members of the sponsor group" the 3 and 7 days are still able to see the 90days group.
i'm thinking about a bug....

0 Helpful

Arne Bier
VIP
VIP
In response to MaErre21325

‎08-08-2024 02:07 PM

Ok - and since your attached screenshot was heavily redacted, I could not see which AD groups were used in each Sponsor Group - does each Sponsor Group have only one (or a unique set of) AD Groups listed there?

0 Helpful

MaErre21325
Level 1
Level 1
In response to Arne Bier

‎08-09-2024 12:30 AM

Yes Arne,

each Sponsor Group has a unique ad group associated, and that's why i can't understand why the 3 and 7 days sponsor group are able to see the 90 days too.

0 Helpful

Arne Bier
VIP
VIP

‎08-09-2024 02:02 AM

I agree. I'm not sure what else you can check. I'd open a TAC case to be sure

0 Helpful
Customers Also Viewed These Support Documents