07-28-2019 07:11 PM
Hello
Something I have always wanted to know .... but never got around to asking ...
When I create a new Guest Type (call it "ANNUAL_GUEST_TYPE" or whatever), ISE automatically creates a User Identity Group called GuestType_ANNUAL_GUEST_TYPE. I don't need this Group and I don't understand its purpose. I can't even delete this Group because it's system-generated. Therefore it must have some special purpose.
If I am doing Sponsored Guest Access (which I am) then why do I also need a User Identity Group? UIG is a Group of internal users (NOT Guest users) that I create via a totally different mechanism.
Looking forward to the response :-)
07-28-2019 10:25 PM
Hello Arnie,
I did some tests around this, and while it creates the group automatically, it also gives flexibility to the admin to add guest user as part of this group. Also, with more guest users the guest flow with url-redirect, you can reference the guest group and create policies.
Thanks,
Nidhi
07-28-2019 11:13 PM
Hi Nidhi
The User Identity Group that ISE automatically creates is no different to a User Identity Group that I could have created myself, had I wanted such a facility. It seems like a back-door mechanism to add in a few local identities in ISE that may want to also use the Sponsored Guest facility without being created as an actual Sponsored Guest. Why would anyone want to do that, instead of creating the guest accounts properly in the first place?
URL re-direction is handled by MAB policies already - is there any value in using the User Identity Group? if you have an example I would like to learn more.
When I tested this too, I didn't see any entries in the User Identity Group after I logged in through the portal. When I click on the Add button, ISE only allows me to add local ISE accounts.
07-29-2019 01:21 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide