12-26-2023 11:18 AM
Hello everyone! We are currently using [WPA2][PSK][AES] for guest internet access at our place of business. Does anyone have any suggestions for a more secure encryption method for guest access? And something that doesn't require a ton of administration.
12-26-2023 11:24 AM - edited 12-26-2023 11:27 AM
Hello @kleemisch
WPA3 is the latest and more secure Wi-Fi security protocol, providing enhanced protection compared to WPA2. Additionally, a captive portal allows you to implement a simple authentication process for guests without requiring a PSK.
Implement a captive portal to manage guest access. This way, guests can connect to the Wi-Fi network without entering a pre-shared key. Instead, they will be redirected to a login page where they can enter credentials or accept terms and conditions.
12-26-2023 11:26 AM
In most use cases it is a one-time setup for the guest network and then forget it as long as it is working as expected, plus some monitoring and planning (IP addresses and performance).
Check the best guide:
Note: if you are using ISE then you get more visibility.
It all depends on how maintenance-free you want it, and whether you would like guests to authenticate via a portal or via pre-defined methods.
12-26-2023 11:41 AM
Employees at our place of business use the guest wireless to connect their cell phones. Would they have to go to the portal each day when they connect for the first time?
12-26-2023 11:54 AM
As I mentioned, there are different methods you can deploy.
Do only employees connect, or do 3rd parties also connect?
If only employees connect, then I would use a single registration using their official email ID with the device.
If it is 3rd-party BYOD like guests, you can just display the terms and policy to accept and allow users to connect for a certain period only.
12-26-2023 11:46 AM
What key management do you use?
MHM
12-26-2023 11:25 PM
To deploy more secure/robust guest access, the only option nowadays is to configure WPA3 Transition mode with Transition Disable, as there could be (and there are) lots of devices not supporting WPA3 to date because (1) they don't support the SHA256 AKM or (2) they lack support for 802.11w PMF.
More secure guest access is that with a rotating PSK; this way you prevent outsiders who know the PSK from connecting. This can be done with a simple Python script using random characters or predefined strings from a list, and auto-generating a QR code to be scanned for ease of connectivity.
Lastly, and very important if you are in the EU, is that you need to log user connectivity to be GDPR compliant: not all activity, but only the MAC address and/or valid email from those guests that use the guest access (the rest of the information, such as phone number, would be personal information and cannot be collected). This can be done with any Captive Portal solution, which does not provide more secure access, but provides you with valid information to look at in case of any suspicious activity, or in case authorities request it. You can configure authorization for extended periods to all guests so they don't have to register every time, or use sponsor portals to grant semi-permanent or permanent periods to specific MAC addresses.
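As an added example (not code from this thread or from any Cisco tool), here is the rotating-PSK idea above in Python: a fresh random passphrase from `secrets` plus the `WIFI:` payload string that a Wi-Fi QR code encodes, including the escaping that format requires. The SSID name and passphrase length are assumptions; rendering the QR image (e.g. with a third-party library) and pushing the new PSK to the controller are left to the administrator.

```python
import secrets
import string

# Letters and digits only: unambiguous to type from a printed card and none
# of these characters need escaping in the WIFI: QR payload.
ALPHABET = string.ascii_letters + string.digits


def generate_psk(length: int = 16) -> str:
    """Return a random WPA2/WPA3 passphrase built from a CSPRNG.

    WPA passphrases must be 8 to 63 printable ASCII characters.
    """
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrase must be 8-63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def _escape(value: str) -> str:
    """Backslash-escape the characters that are special in the WIFI: format.

    Backslash is handled first so already-escaped characters are not doubled.
    """
    for ch in ("\\", ";", ",", ":", '"'):
        value = value.replace(ch, "\\" + ch)
    return value


def wifi_qr_payload(ssid: str, psk: str, hidden: bool = False) -> str:
    """Build the WIFI:T:WPA;S:<ssid>;P:<psk>;; string phones recognise in a QR code."""
    payload = f"WIFI:T:WPA;S:{_escape(ssid)};P:{_escape(psk)};"
    if hidden:
        payload += "H:true;"
    return payload + ";"


def rotate_guest_psk(ssid: str, length: int = 16) -> tuple:
    """One rotation cycle: new PSK plus the QR payload to print for guests."""
    psk = generate_psk(length)
    return psk, wifi_qr_payload(ssid, psk)


if __name__ == "__main__":
    # Assumed SSID name; the real one comes from the WLAN configuration.
    new_psk, qr_text = rotate_guest_psk("Guest-WiFi")
    print("New PSK to apply on the controller:", new_psk)
    print("Encode this string into the QR code:", qr_text)
```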
12-28-2023 08:13 PM
Use WPA3 OWE for devices that support it. 1/3 of our guest devices support it. No PSK needed and more secure than a shared PSK.
01-04-2024 10:50 AM
> more secure than a shared PSK
No. It's more secure than an open SSID with no encryption but it is not more secure than a PSK. But it solves the requirement for encryption on open networks.
https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/217737-configure-enhanced-open-ssid-with-transi.html#toc-hId--970008306
12-28-2023 10:28 PM
My advice is not to keep an SSID fully open (not even by using OWE, unless this is a pure guest SSID), as this way you invite all users out there to freely connect, so 1) their devices increase channel and AP utilization a lot, which 2) impacts performance for legit corporate users due to the increase in contention, 3) may exhaust your WAN BW (it is not recommended to use quotas, as this way QoE for legit corporate users sharing the same channel also decreases) and 4) if your perimeter security is not properly filtering all unwanted traffic, this may serve as a door to commit illegal activities using your brand.