Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
395
Views
0
Helpful
2
Replies

Guest access: multiple sponsor groups and guest portals

Go to solution
lnw-team
Level 1
Level 1

‎12-07-2023 06:36 AM

Hello,

In my ISE deployment I've got several sponsor groups and guest portals. My objective is to allow members of a specific sponsor group to create guest accounts that can be used only in a specific guest portal, for example: 

- Members of Sponsor Group "France", where only local IT staff and receptionists can log on, can create accounts for Guest Portal that is used in policy for that location.

In a nutshell, I would like to avoid situation in which once guest account is created, it can be used in any location, in any guest portal.

Is it doable? 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
abertore
Cisco Employee
Cisco Employee

‎12-08-2023 07:55 AM

Hi,

You will need to manage this with different Authorization Policies:

- If Location A, and Guest Type A => Redirect to right portal and Permit Access
- If Location B and Guest Type B => Redirect to right portal and Permit Access

This is because all the Guests are in a single database in ISE so technically they could login in different portals, but you can prevent this restricting the access through Authorization Policies.

Different Sponsor groups can be restricted to manage different Guest Types so you can actually restrict some type of Sponsors to create/approve only a set of Guests. 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
abertore
Cisco Employee
Cisco Employee

‎12-08-2023 07:55 AM

Hi,

You will need to manage this with different Authorization Policies:

- If Location A, and Guest Type A => Redirect to right portal and Permit Access
- If Location B and Guest Type B => Redirect to right portal and Permit Access

This is because all the Guests are in a single database in ISE so technically they could login in different portals, but you can prevent this restricting the access through Authorization Policies.

Different Sponsor groups can be restricted to manage different Guest Types so you can actually restrict some type of Sponsors to create/approve only a set of Guests. 

0 Helpful

Go to solution
lnw-team
Level 1
Level 1
In response to abertore

‎12-27-2023 07:01 AM

Hello, 

Thanks but unfortunately I cannot set such condition: "guest type" on Cisco ISE. Could you please point me the place where I can find it? 

 

0 Helpful
Customers Also Viewed These Support Documents