Showing results for 
Search instead for 
Did you mean: 
Cisco Community November 2020 Spotlight Award Winners

Lab Config Guide: ISE 2.1 with Ping Fed for Guest Web Auth & Sponsor Portal SAML SSO


This is a lab configuration guide that was used for setup of ISE 2.1 with PingFederate for Guest and SAML SSO. It has most of what is needed to get your portal up and running with Ping (except for the authz rules). Its a sample guide to use and help you out.

ISE 2.1 Enhancements being showcased in this guide:

New SAML Server support —Cisco ISE end-user web portals now support PingIdentity (Cloud), PingFederate (CPE), Azure Active Directory, SecureAuth, and servers running generic SAML 2.0.

Single portal for credentialed and SAML SSO login —The login portal can be configured to provide the option to log in with credentials, or to click a link that redirects the user to an SSO portal page. The link that the user clicks to redirect to an SSO provider can be customized.

Sponsor Approval Filtering —A sponsor can be limited to approving accounts based on the sponsor’s email address, or all pending accounts. Currently this feature is supported only for internal sponsors and SAML SSO sponsors.

The guide shows the following configurations:

  • ISE configuration of Guest & Sponsor Portal as Service Providers
  • PingFederate configuration as an iDP
  • ISE 2.1 integration of Guest and Sponsor Portals SAML SSO with PingFederate
  • Single Guest Portal
    • Self-registration with Sponsor Approval
    • Guest logins
    • Employee logins via SSO
  • Sponsor Portal
    • Employee logins via SSO
    • Pending Accounts list filtered based on Sponsors email address (via SAML)
Content for Community-Ad