ISE 1.1 sponsor portal different type of guest accounts

Similar Messages

• Cisco ISE sponsor Portal email notification of guest account

  Is there anyway to not have the email button be displayed in the sponsor portal?  We don't have email or SMS enabled and sponsor users are complaining that the button is there but doesn't work, it woul be really good if you could just remove it.  I have looked at the sponsor language template configuration but it doesn't appear to be able to not display the button just rename it?
  any information would be much appreciated.
  Craig

  Martin,
            thank you very much for the information, I don't think I would ever have checked there for this configuration.  It is taking me awhile to get used to the ISE GUI, I don't find it particularly intuitive but hopefully I will get there.
  thanks
  Craig

• ISE 1.3 Sponsor Portal.

  Hi There, Just trying out ISE Version 1.3 and encountering some issues getting access to the sponsor portal.
  Just checking about a Standalone deployment is it OK to have the sponsor portal interface the same as you manage the ISE from?
  I cant seem to get to the sponsor portal on 8443 it just doesn't display the page. It doesn't even fill out the URL at the end.
  When I fill in the URL for it. I get this.
  The Portal is set up like this So from what I see it should work. If I use the preview button in the portal set up I can get to it fine. Am I missing something?

  Graham,
  I've seen this a few times.  Do you have separate PSNs?  Note that the DNS entry (Alias) for the Sponsor Portal needs to point to a PSN and NOT the Admin Node.  This usually fixes the issue.  Create an alias in DNS for sponsor.domain.com (replace domain.com to reflect your domain name) and point it to a PSN.  Then type sponsor.domain.com into your browser.  The system will redirect to the default Sponsor Portal.
  Note this Capture from the ISE 1.3 Admin Guide:
  The full guide can be found here:
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13.pdf
  Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.
  Charles Moreton

• ISE 1.3 Sponsor Portal mandatory fields

  Hello,
  in the ISE 1.2 version it was possible to say that some fields are mandatory like first name or company.
  I cannot find this setting in the ISE 1.3 version.
  Regards
  filip

  Leoni,
  These settings are found by going to Guest Access > Configure.  Select Sponsor Portals and choose the Sponsor Portal in which you are working.  Click Portal Page Customization
  Once there, select your Guest Type.  I chose Create Account for Known Guests.  Then choose Settings over the preview image.
  Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.
  Charles Moreton

• ISE 1.2 Sponsor portal port change not working

  Hi,
  Has anyone else had an issue where they change the default port number of the sponsor portal on the Admin node, all ISE restart, but the sponsor portal still only works on the default 8443 port?
  Thanks,
  Ct

  Hi,
  As you know that default port is 8443, but you can change this value so ensure that the same value you assign to the switch and it matches the setting in Cisco ISE.

• ISE 1.2 Sponsor Portal issue

  Hi
  we have an ISE version 1.2 installation and are trying to customise the Sponsor Portal login page to show the Terms and conditions for staff whan accessing the page, by using the display pre-loign banner under the sponsor portal themes settings.
  We have added the text for both pre and post login banners and have selected the check boxes for both but for some reason when saved the text does not display and the check boxes show as being un checked when going back to the page. Is this a bug ?? i have reset to factory defulats and re tried but still not working.. any help would be appreciated

  It may be a browser issue. Please check the supported Operating Systems and Browsers for Sponsor, Guest, and My Devices Portals:
  These Cisco ISE portals support the following operating system and  browser combinations. These portals require that you have cookies  enabled in your web browser.
  Table 8     Supported Operating Systems and Browsers
  Supported Operating System Browser Versions
  Google Android 1 4.0.4, 4.0.3, 4.0, 3.2.1, 3.2, 2.3.6, 2.3.3, 2.2.1, 2.2
  •Native browser
  Apple iOS 6, 5.1, 5.0.1, 5.0
  •Safari 5, 6
  Apple Mac OS X 10.5, 10.6, 10.7, 10.8
  •Mozilla Firefox 3.6, 4, 5, 9
  •Safari 4, 5, 6
  •Google Chrome 11
  Microsoft Windows 82
  •Microsoft IE 10
  Microsoft Windows 73
  •Microsoft IE 9
  •Mozilla Firefox 3.6, 5, 9
  •Google Chrome 11
  Microsoft Windows Vista, Microsoft Windows XP
  •Microsoft IE 6, 7, 8
  •Mozilla Firefox 3.6, 9
  •Google Chrome 5
  Red Hat Enterprise Linux (RHEL) 5
  •Mozilla Firefox 3.6, 4, 5, 9
  •Google Chrome 11
  Ubuntu
  •Mozilla Firefox 3.6, 9

• ISE 1.2 Sponsor Portal- Account Expiration Date Defaults to same time as Start Date

  We have a time profile setup for ISE Sponspr Portal with Start/End.  I understand this allows the sponsor to specifially set the start and end time for the guest account.  When creating an account, the Start/End time is the same time.  If a Sponsor forgets to set the end time, then the guest account will be created, but will expire not allowing the guest to login.  It would be nice to have the end time default to something other than the start time, like 8 hours default.  Is this possible?  Can the expiration time default to something like 8 hours, but still give the Sponsor the ability to adjust the start/end times if needed?  This is very simple, and I cannot believe this is not available.

  Beginning with Cisco ISE 1.2 time profiles are referred to as the account duration in the Sponsor portal.
  Cisco ISE 1.2 includes these default time profiles, which replace the profiles available previously:
  DefaultFirstLoginEight—the account is available for 8 hours starting when the guest user first successfully connects to the Guest portal. This replaces the DefaultFirstLogin time profile.
  DefaultEightHours—the account is available for 8 hours starting when sponsors first create the account. This replaces the DefaultOneHour time profile.
  DefaultStartEnd—sponsors can specify dates and times on which to start and stop network access.
  Upon expiration of their account per their assigned time profile, they will no longer be able to login or access the company network.
  If a guest were to return to the network, the sponsor can change the account duration via the sponsor portal to grant them access again and then require them to change their password if deemed necessary (depending on the settings). Changing account duration can be used for extending a guest users access longer than the original setup.
  If you upgrade to Cisco ISE 1.2, the older time profiles are still available, but you can delete them if you are not using them. If the older time profiles are assigned to a sponsor group, a message alerts you before deleting. If you perform a new installation of Cisco ISE 1.2, only the new time profiles display.

• ISE 1.2 sponsor portal - disabling default languages

  Hi,
  We are implementing Cisco ISE 1.2 and have a question on the sponsor portal languages.
  The client company's official language is English and so we would like to disable all other languages from the sponsor portal. If we don't do it, the users might select their native language (on the sponsor settings and/or the guest notification language) meaning that we have to customize and maintain all 15 language templates.
  It has alread happened during the tests: a sponsor created a guest account and choose a notification language other than English - the SMS was not sent because the "Destination" on the "SMS text message notification" default value is "[email protected]".
  Thanks in advance.
  Regards,
  Telmo Oliveira

  Hi all,
  This reply to myself is done for documentation proposes, it can help someone with the same challenge.
  Today I was at an event at Cisco where ISE 1.3 beta was presented. This version will have already the option to choose between browser locale or static language template. Talking to the Cisco eng. responsible for the presentation, he told me that 1.2 had no way to do it.
  Cisco ISE 1.3 is now planned to be release end of 2014.
  Regards,
  Telmo Oliveira

• ISE 1.3 Sponsor Portal problem

  Hello Guys,
  I configured one Guest WLAN to authenticate via ISE Web Portal.
  The wlan, the redirect, everything is working fine. Y
  Yesterday i created one user and password using the sponsor portal normally, but today, i tried to connect on the sponsor page and i got the error:
  Sponsor Portal Internal Error
  Please contact System Administrator. If you are the System Administrator please consult the logs.
  I tried to restart the application ise via cli but didin't works.
  Can you help me? Where these logs are located?
  Thank you.

  Look at you Rafael, coming up with problems and solving them yourself! :) Thanks for sharing the solution with everyone (+5 from me). Let's close the thread if the issue is resolved :)

• Now have iphone6 and signed for different type lower cost account. Not seen on billing service. to have started Oct 1,2014

  **after receiving iphone6 and signing 2 year contract, negotiated for a change in plan with lower cost and discount... not seen on october bill as promised..totally unable to obtain help on phone to verizon. thanks

  Thanks for the response. I had the 65 advantage plan for 2 years. Service rep at Verizon store assisted me when I activated my new iPhone 6. She noted that over the 2 years i had used only a few minutes of talk, one to 2 texts per month ( at a fee of $. 20 each ) and a minuscule amount of data... and that the phone was for emergency contact to me from my disabled invalid wife only. She searched and found a discount special plan for a savings of  $15.00 per month with a final monthly fee before taxes of $45 and not $59 per month to start on Oct 1st. It does not have a name to the plan just that it carries this special discount. That is all I can tell you. Thanks for the assistance. Await your reply. Thanks
  Bob Bonus
  [email protected] <mailto:[email protected]>  this is Incorrect email........... should be  [email protected]    Wednesday oct 8th, 2014... do not know if you received this response to your email a few days ago. Sorry for the mistake. Await your response. thanks
  bob bonus

• The different types of User accounts

  Hello,
  This mainly stems from the fact I would like to add a Router to my CNA (Cisco Network Assistant) community.  And am not sure which user credentials I need to apply on CLI.
  To note I have enabled IP http server.
  So from the list below what are the credentials used for and when should they be used for accessing the device via ssh / telnet / http / cna    ??  
  enable password  -   ??
  enable secret   -  ???
  username abc privilege 15 secret 0 xyz    -   ??    ( I thought it would be this, but does not appear to work with HTTP or CNA.)
  login console or VTY   there is the option for......
  password   -  ??
  login   - ??
  login local   -  ??
  If there are more please advise, however  note this is the "Getting started with LANS" so no need to go overboard :)
  I hope I have explained myself properly. 
  regards

  This should get you going:
  username bob priv 15 password changeme 
  enable secret changeme
  ip http server
  ip http authentication local
  line con 0
  login local
  line vty 0 4
  login local

• ISE 1.3 Sponsored Guest Portal Login Failure

  Hello Team,
  Ive created a guest account in the sponsor portal for a test guest user, however the state remains in "created" state.
  Now when the user tries to log on via the sponsored guest portal the error back is "invalid username or password".
  In ISE logs it says :
  Overview
  Event
  5418 Guest Authentication Failed
  Username
  bnawaz01 
  Endpoint Id
  Endpoint Profile
  Authorization Result
  Actions
  Troubleshoot Authentication
  View Diagnostic Messages
  Audit Network Device Configuration
  View Network Device Configuration
  View Server Configuration Changes
  -->Authentication Details
  Source Timestamp
  2014-12-24 08:49:05.551
  Received Timestamp
  2014-12-24 08:49:05.553
  Policy Server
  DC1-ISE-DMZ01
  Event
  5418 Guest Authentication Failed
  Failure Reason
  Account is not yet active.
  Resolution
  Root cause
  Username
  bnawaz01
  User Type
  GuestUser
  Endpoint Id
  Endpoint Profile
  IP Address
  Authentication Identity Store
  Guest Users
  Identity Group
  GuestType_Contractor (default)
  Audit Session Id
  Authentication Method
  PAP_ASCII
  Authentication Protocol
  PAP_ASCII
  Service Type
  Network Device
  Device Type
  Location
  NAS IP Address
  NAS Port Id
  NAS Port Type
  Authorization Profile
  Posture Status
  Security Group
  Response Time 
  Any ideas why this might be, if im doing something wrong and how to fix?
  Thank you
  Bilal

  I have had the same issue, the fault is caused by the time zone in the sponsor groups being set by default to UTC, so if you are in London the accounts wont become available until UTC time. The best practice is to add a local time zone and remove UTC at initial configuration
  To resolve this create a new local time zone in Guest Access>Settings>Guest Locations and SSIDs then under Guest Access>Configure>Sponsor Groups amend the time zone properties in each sponsor group
  One other problem is if you do not remove this at initial configuration you don't seem to be able to get rid of UTC, not really an issue unless you forget when creating new sponsor groups

• Cisco ISE who created a ticket in sponsor portal

  Hi I was wondering how to see who created a guest user ticket in Cisco ISE using the sponsor portal without checking the system logs that you have to download.
  Is there any better way to do it?
  kind regards

  operations > reports >endpoints and users > guest sponsor summary
  The Guest Sponsor Summary report displays all guest users created by each sponsor. Click on a sponsor name to display details about the guest users.

• Help needed - setting password policies for different types of accounts

  Hello,
  We have a situation where we have different types of users created on a solaris server. We have regular users, admins, functional accounts and device accounts. Of course solaris does not differentiate between regular user and other types, i think. The default password policy applies to all the users on the server. I want to configure different policy for different types of user accounts. Is it possible? The difference between the accounts on our side is
  Regular user accounts - 8 digit numbers ( 00667265) - expire password every 90 days
  Functional accounts - 8 digits starting with F ( F0253466) - do not expire, but password length must be 10-12 and complex
  Device Accounts - 8 digits starting with Z ( Z2367249) - do not expire, but password length must be 12 and complex - like upper case, lower case, number, special chars etc.
  Is it possible to set up different password policies, is so how?

  The password expiration policy is pretty easy, it can be set on a per account basis when the account is created. I'm not aware of a simple way to define a complexity policy for groups of accounts but the policy is enforced using pam, so you should be able to write a pam module which would enforce your complexity policy. The pam manual page would be a reasonable starting point for learning about pam.

• ISE 1.2 Sponsor Group - "View/Edit Accounts" Setting not working as expected

  Hi,
  we need a sponsor account that is not allowed to see the Account List (so the Accounts that were created) on the sponsor UI. The sponsor should be only allowed to create an account, to send his credentials via E-Mail or to print them.. and that's all
  So I configured the rights as you can see in the attachment, but when I choose No for "View/Edit Accounts" the user is able to see ALL ACCOUNTS. When I just choose "Own Accounts" then the user sees just his own Accounts, so the 2nd setting works properly.. the first behaviour seems like a bug to me.. did anyone else have had this problem too?
  Thanks!

  Choose one of the following options for View/Edit Accounts:
  –No—Sponsors are not allowed to edit any guest accounts.
  –All Accounts—Sponsors are allowed to edit/view all guest accounts.
  –Group Accounts—Sponsors are allowed to edit guest accounts created by anyone in the same sponsor user group.
  –Own Account—Sponsors are allowed to edit only the guest accounts they created.