This post explains the use case of having an ISE Guest user access the internet temporarly to be able to check their email for their credentials.
User wishing to access Internet from local library either via own wifi-only device or public shared PC in library
This is not a current feature of the product, please work with your account team to request this feature. Read below for other options.
1. User connects to open SSID with device 2. Captive portal requires them to complete personal details including valid email address 3. User completes the form and submits and is then given time-limited Internet Access (web security filtered) 4. User accesses their email from either their own device or from public shared device 5. User clicks a verification link sent from the guest management system which verifies the user and tells the portal service to reset the timer from 15 minutes to 24 hours (or similar) 6. User now has full, non- time limited access to the Internet 7. Provider can track usage of service by valid user email ID 8. Guest accounts are purged after expiry of timer
You can provide Internet access during portal redirect phase and set RADIUS session timeout in Authorization profileto 5 min, but nothing prevents user from constantly going back to redirect phase after timeout so not a good option if goal is Internet Only access. They could check their email this way with the cavaet you couldn’t redirect all internet to the ISE Guest Portal. You would need to setup a certain site in your redirect ACL that is interesting and only redirect on that. For example www.yourcompany.com So when they first came in the network and connected to Guest they would need to manually access this site to be redirected to the guest portal to create an account
Another option is to have a kiosk setup using a self-registration portal for email checking and/or printing
I attached a PDF of a sample way doing advanced customization on how to make a self-reg portal that could be used for this KIOSK concept. This could be adapted to have them go through self-reg sending the creds via email.
A better approach would be to use SMS with self-reg instead of email. As tracking to a mobile account is better tracking and don't need internet access to check for a text message.
For any help on advanced customization efforts please work with cisco partner for customized work flows. Cisco Supports the use of advanced customization with our portals but the TAC is not there to providing scripting or web development support.
We have the 2100 series Firepower in a 2-node cluster (v6.2+) managed by FMC (v6.3+). When we migrated from the ASA, the network objects and port objects from the configuration moved over as very generic names in the new configuration. We have...
Hi, We have a DNS rule that forces safe search on any valid browser, a second policy was set up for mainly the IT team top give more flexibility around safe search blocks. We verified both rules are set up in correct order for the rules to have ...
Hello,Recently upgraded to ISE 3.1 having an issue using the "choose file" button on the import endpoints screen. Button doesn't work ,won't click doesn't bring up the file bowser prompt. Happens with different browsers and different PCs/users. I can "tab...
Hi All, We are being bombarded with retrospective quarantine failure alerts on multiple Endpoints for a file that is part of Adobe Creative Cloud - we believe it is a false positive but cannot fetch copy of the file to sandbox and confirm - anyone el...