Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

CIsco ISE 1.2 Identity GUEST

HI there. 

I already have guest solution on my ISE installation. With Sponsor and guest portal enabled. All guest users are created by sponsores with expiration time of 1 day. This one works fine. (All guest users are on Wireless)

I want to create one "special" guest account that dosent have any expiration time. But I am not sure how to separate that user from the other guest users, how can I build guest authz. policy that can differentiate between guest users? 

 

Thanks, 

Everyone's tags (1)
3 REPLIES
New Member

you could create an ISE local

you could create an ISE local user with a GUEST membership and provided you have your ISE password policy set so that it doesn't expire accounts, etc it would be a "permanent" guest account. we do something similiar. sponsors make temporary accounts while long-term or test guest accounts are created in the ise local identity store as guests and are processed the same way. you just have to ensure that the internal user store is part of your guest identity source sequence.

New Member

Hi Ben,thanks.I did try to

Hi Ben,

thanks.


I did try to create new guest user via the admin page and make it member of the "Guest" group. But if the guest login in he will see self provisiong page where the register button is grey out.

All other temporary guest users can still login directly without self provisioning.  What part in configuration should I correct before this will work with the permant guest user will work ?

Cisco Employee

check ActivatedGuesthttp:/

check ActivatedGuest

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_guest_pol.html#pgfId-1598941

133
Views
0
Helpful
3
Replies
CreatePlease to create content