ISE - Web Authentication Registration

nrunge1
Level 1

I have a guest portal on ISE configured for central web authentication for our wireless network. I only purchased the basic licensing because I am not interested in the product for profiling, mobile device management, etc.

 

Is there a way that I can have ISE grant a user access for several months (a semester) without having to log in to the web portal again?

It might help to mention that I don't mind if the students cannot manage their connected devices.

 

3 Replies

Stephen McBride
Level 1

On the surface of it I can't see a way for you to grant access without logging back into the portal - especially with mobile devices. What you could do as another option is use ISE "activated guest" credentials for a PEAP connection on your SSID.

Basically you would create the accounts via the sponsor portal as per usual but instead of "guest" use "activated guest". You would then need to reconfigure your SSID to support EAP and create associated ISE policies to support PEAP and checking users are part of the activated guest group. What this then means is that once credentials are entered they can be remembered by the client device.

The only real drawback to this method is the lack of the AUP which you get via the portal. I always get around this by providing the AUP (or links to it) on the instructions provided to the client upon receipt of the credentials.

 

Hope this makes sense.

Venkatesh Attuluri
Cisco Employee

The Activated Guest role can be used for those customers who want to grant access to a more secure network (dot1x/VPN for remote users) without needing to log in to the Guest Portal to activate the user account. This also gives the guest a way to connect and cache their credentials via their dot1x supplicant instead of having them log in to the guest portal via redirection every time they connect to the network.

Thanks for the feedback. It pretty much confirmed what I had already thought. 

Some of the motivation here is to have more accountability with access. I see now that is only going to come with more advanced licensing. 

I think that we are really in the market for an MDM/BYOD onboarding captive portal. That changes the entire scope of things.
