Cisco Support Community
Community Member

Authorization denial messages to clients or URL redirection once denied?

Our client would like to setup a Internet access solution for a limited number of employees belonging to a certain AD group.  I have Central web auth working and can easily grant or deny access/authorization by AD group memberships, but I want a more friendly "not authorized" message or url sent to the users whom are not in the permitted AD group.  Currently, a user not in the group (not permitted) can get the portal login page, followed by the AUP page, then they get the "login successful" just as the permitted users do.  This seems inappropriate when they then have no access to anything.

Note, we would like to do this without any advanced license needs on ISE.  We are using ISE solely for hosting our guest portals and then both local and external (AD) user authentication/authorization.


CreatePlease to create content