Marvin,

Thank you for your reply.

Does it means that the only way to have a guest account which is active in a short period of time, is to create that user account using an sponsor ?

To make it happen, which steps do I need to pass on WLC and ISE.

Regards,

Mahdi

You can allow sponsors to select the time period for which a given guest account is active.

If the guest is self-registered, you can choose what "guest type" endpoint group the portal assigns the self-registered account into.

See this link for how guest types are customized:

http://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_01110.html#task_007858F446DB460282E8693040F3236A

We use Central Web Authentication with ISE and WLC so the WLC settings aren't specific to this use case but rather general to all ISE uses.There are numerous how-to guides which can be found among others here:

https://communities.cisco.com/docs/DOC-64018

I would especially recommend the links on that page for "Special Flows". There are a couple of examples on how to restrict account duration for guests.

Thank you for your reply!

What I actually try to find is starting user lifetime decrease after guest user login (not after creation by sponsor user).

What we have now is a guest user connects to WLC, then sees the sponsored guest portal, then he/she can login using accounts that sponsored created.

Best Regards,

Mahdi

ISE 2.1 added the ability to make the account duration begin as of first login:

Release Notes for Cisco Identity Services Engine, Release 2.1 - Cisco

Once you upgrade, that should do what you're asking.