cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
372
Views
0
Helpful
3
Replies

CIsco ISE 1.2 Identity GUEST

Roger Base
Level 1
Level 1

HI there. 

I already have guest solution on my ISE installation. With Sponsor and guest portal enabled. All guest users are created by sponsores with expiration time of 1 day. This one works fine. (All guest users are on Wireless)

I want to create one "special" guest account that dosent have any expiration time. But I am not sure how to separate that user from the other guest users, how can I build guest authz. policy that can differentiate between guest users? 

 

Thanks, 

3 Replies 3

ben.posner
Level 1
Level 1

you could create an ISE local user with a GUEST membership and provided you have your ISE password policy set so that it doesn't expire accounts, etc it would be a "permanent" guest account. we do something similiar. sponsors make temporary accounts while long-term or test guest accounts are created in the ise local identity store as guests and are processed the same way. you just have to ensure that the internal user store is part of your guest identity source sequence.

Hi Ben,

thanks.


I did try to create new guest user via the admin page and make it member of the "Guest" group. But if the guest login in he will see self provisiong page where the register button is grey out.

All other temporary guest users can still login directly without self provisioning.  What part in configuration should I correct before this will work with the permant guest user will work ?

Venkatesh Attuluri
Cisco Employee
Cisco Employee

check ActivatedGuest

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_guest_pol.html#pgfId-1598941

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: