Remember this customization is per language, if you want to apply to other languages have to implement under each of them!
The final flow is the following:
guest user connects to SSID and after opening the browser is redirected to GuestPortal SelfRegistration page;
on SelfReg page user is asked to
put in his phonenumber
after that user clicks Registration button and is redirected to Login page, where he is asked to put in only password (password was generated by ISE and sent to user by SMS).
I am working on this piece for now user will have to enter username and password
The following information will hide the username field, have the user enter there phone number. In the background the system will put the phone as the username
Be aware that you’re forcing the user to use the same username so there maybe a collision if the user would try to register with same phone number after account has expired but hasn’t been purged, authorize the endpoint using endpoint groups instead. Create a guest account for 1 day and purge the accounts at 1 day, remember purging happens at 3am or so on the day after its marked for purge. If I register 9am today, my endpoint will be marked to purge 9am next day
Recommendation is to set to use authorization based off endpoint group and not the web authentication and set account to expire after 8 hrs purge expired accounts at 1 day and endpoint purge to 2 days (or even 3 days to be safe). If wanting week long access then set account to expire doesn’t matter as long as it happens before the purge..
Scripts works for default portals of Cisco ISE.
(For portals created by ISEPB should add a little changes for locators)
I am currently working on an ISE deployment where I am using a 3rd party wild card certificate for eap/peap authentication.There does not appear to be any issues with PCs or android devices but do have a small issue with IPhone. When connecting with an IP...
Any help would be appreciated.I can ping the other end of the tunnel but the line protocol on my side is down.Also, any debug hints would be helpful. Current configuration : 13779 bytes!! Last configuration change at 22:23:49 UTC Fri Feb 12 2021 by j...
We are moving from IKEv1 to IKEv2 on our hundreds of VPN tunnels. We are being told to use asymmetric PSK because it’s more secure than using PKI and private in-house certificates. I disagree but I’m not the expert in the area. Can anybody clarify how IKE...
Hello All,- I already applied "Envelope Sender DNS Verification" and "Sender Verification Exception Table" for my domains ( when you apply; "mail from: email@example.com" automatically rejected ) ( Good For Me )- If you will try to "mai...
I am trying to gain access to more attributes such as MacOS version since Apple may stop putting the version number in the User Agent field. I have JAMF as an MDM and already use it to validate compliance for VPN clients. I'm wondering if anyone has used ...