In case of Guest Wireless Internet Access involving Self-Registration with Sponsor Approval workflow, currently a Sponsor can VIEW and APPROVE ALL self-registered guest requests.
Currently in the default sponsor portal, a sponsor will be able to see & approve all guest registrations whether the guest has come to visitor that particular sponsor or not. There was no configuration to LIMIT a sponsor to view only the guests who has come to meet that particular sponsor.
ISE 2.1 For SAML and ISE built-in users you can filter off the person being visited
Approve and view requests from self-registering guests—Sponsors who are included in this Sponsor Group can either view all pending account requests from self-registering guests (that require approval), or only the requests where the user entered the Sponsor's email address as the person being visited. This feature requires that the portal used by the Self-registering guest has Require self-registered guests to be approved checked, and the Sponsor's email is listed as the person to contact.
Any pending accounts—A sponsor belonging to this group an approve and review accounts that were created by any sponsor.
Only pending accounts assigned to this sponsor—A sponsor belonging to this group can only view and approve accounts that they created.
There is no direct workaround. A special workaround can be creating your own Sponsor portal using ISE REST APIs
PLEASE NOTE THAT THE PORTAL CUSTOMIZATION AND CUSTOM PORTALS USING REST APIs ARE NOT SUPPORTED BY TAC. THE REST API ITSELF WILL BE SUPPORTED BY TAC.
There is a Rest API call which will enable a sponsor to see all the guest requests. The same API call allows filters to be crafted on certain fixed parameters provided by the guest during his registration request. This article describes the workaround using this API call. In this article I am giving the minimum necessary steps and REST calls in this article and not the code to create the portal itself. The idea is that the System Integrator can build the sponsor portal himself as needed using the language of his choice. In the backend that will make the REST calls to ISE.
Step 1: Navigate to ISE -> Guest Access -> Settings -> Custom Fields to create the new custom field “CompanyName”
Step 2: Navigate to ISE -> Guest Access -> Configure -> Guest Portals -> Select the Portal Name -> In the Portal Behavior and Flow Settings Tab -> Click on Self-Registration Page Settings select the newly added Custom Field
Step 3: Navigate to ISE -> Guest Access -> Configure -> Guest Portals -> Select the Portal Name -> In the Portal Page Customization Tab -> Click on Self-Registration to add some cosmetic details
Below screenshots show the building of a filter to see only the guests coming to meet particular sponsor. Note in the screenshot that we are passing the email id of the sponsor in the COMPANY field as explained earlier.
Hello,i have a N5k-k5548up-af and i have a acl for trusted network which is attached to line vty and to my uplinks interface, and i have around 250 interface vlan and my interface vlans can reach bgp port or snmp port, is there nayway that tune copp to pe...
I'm wondering when I read about Umbrella, and considering adopting in our enterprise network. Cisco said it is just required to change DNS ip to cisco Umbrella, I saw some document it can connect through IPSEC tunnel from local on-prem device to Cisco Umb...
Hello,There is a brand new deployment (primary/secondary node). That was the first time when I used "restore config procedure" and it stuck. I've been waiting for 4 hours without any luck. I bet it's still hanging there. I don't have access right now. But...
Dear All,I writing to you because I can't find anywhere answer for my question. Basicly, I have migration from ASA(2xASA in failover active/standby) to FTD. I have 2xFTD 1140 and FMC. I want to migrate with minimal downtime, so in my LAB I prepared 1:1 mi...