In case of Guest Wireless Internet Access involving Self-Registration with Sponsor Approval workflow, currently a Sponsor can VIEW and APPROVE ALL self-registered guest requests.
Currently in the default sponsor portal, a sponsor will be able to see & approve all guest registrations whether the guest has come to visitor that particular sponsor or not. There was no configuration to LIMIT a sponsor to view only the guests who has come to meet that particular sponsor.
ISE 2.1 For SAML and ISE built-in users you can filter off the person being visited
Approve and view requests from self-registering guests—Sponsors who are included in this Sponsor Group can either view all pending account requests from self-registering guests (that require approval), or only the requests where the user entered the Sponsor's email address as the person being visited. This feature requires that the portal used by the Self-registering guest has Require self-registered guests to be approved checked, and the Sponsor's email is listed as the person to contact.
Any pending accounts—A sponsor belonging to this group an approve and review accounts that were created by any sponsor.
Only pending accounts assigned to this sponsor—A sponsor belonging to this group can only view and approve accounts that they created.
There is no direct workaround. A special workaround can be creating your own Sponsor portal using ISE REST APIs
PLEASE NOTE THAT THE PORTAL CUSTOMIZATION AND CUSTOM PORTALS USING REST APIs ARE NOT SUPPORTED BY TAC. THE REST API ITSELF WILL BE SUPPORTED BY TAC.
There is a Rest API call which will enable a sponsor to see all the guest requests. The same API call allows filters to be crafted on certain fixed parameters provided by the guest during his registration request. This article describes the workaround using this API call. In this article I am giving the minimum necessary steps and REST calls in this article and not the code to create the portal itself. The idea is that the System Integrator can build the sponsor portal himself as needed using the language of his choice. In the backend that will make the REST calls to ISE.
Step 1: Navigate to ISE -> Guest Access -> Settings -> Custom Fields to create the new custom field “CompanyName”
Step 2: Navigate to ISE -> Guest Access -> Configure -> Guest Portals -> Select the Portal Name -> In the Portal Behavior and Flow Settings Tab -> Click on Self-Registration Page Settings select the newly added Custom Field
Step 3: Navigate to ISE -> Guest Access -> Configure -> Guest Portals -> Select the Portal Name -> In the Portal Page Customization Tab -> Click on Self-Registration to add some cosmetic details
Below screenshots show the building of a filter to see only the guests coming to meet particular sponsor. Note in the screenshot that we are passing the email id of the sponsor in the COMPANY field as explained earlier.
Hi all, I have a cluster of 2x FTDs running on 2130 with version 18.104.22.168 which is managed by my FMC. In the threat defense policy which is applied to my FTD cluster, the Secure shell settings in my platform settings is blank but i am able to ssh...
Hi,I'm having a problem routing LAN traffic out through the firewall. I've read the multiple posts with the same problem but their solutions have not worked for me. Traffic flow isInternet - Cisco ME3400 - Firepower2110 (ASA) - Switch - PC Netwo...
We are on ISE 2.4 and have configured AD <> ISE integration using WMI (to get information of AD users) Some providers suddenly went offline for no reason, we had to manually add back integration Is there a way to set an email alertin...
Hello, I recently tried to upgrade my ESA (virtual appliance) from 13.5.3-010 release to the latest GD release 22.214.171.1242/Once i download the stuff, and try to install , few seconds after i have the following kind of error (attached an extract) ...