ISE CWA Time Profiles

Similar Messages

• ISE Guest Portal Time Profiles

  G'day All,
  Could someone advise if it is possible to extended or change the time profile of a guest account that has already been created? I am trying to understand using time profiles from within the Sponsor Portal. Imagine a guest user has an account created that gives them 2 weeks access, towards the end of the 2 weeks the user requires another week of access.
  From what I can see in both the ISE time profiles config page and from within the sponsor portal, either the user would have to wait until the existing account expired and have a new account created or a new account would have to be created to grant the additional access, and the existing account could be deleted, I am just seeking clarification of whether time extensions for Guest Accounts is possible prior to the account expiring.
  Currently using ISE 1.1.3
  Thanks in advanced guys.
  James.      

  Please follow the below steps to edite the time profile:
  Adding, Editing, or Duplicating Time Profiles
  To add or edit a time profile, complete the following steps:
  Step 1 From the Cisco ISE Administration interface, select Administration > Guest Management > Settings > Guest > Time Profiles.
  Step 2 Click one of the following:
  • Add—to create a new time profile
  • Edit—to edit an existing time profile
  • Duplicate—to duplicate an existing time profile
  Step 3 Enter the name and description of the new time profile.
  Step 4 Select a Time Zone for Restrictions. Time Restrictions are a set of time periods during which a guest account associated with that time profile would not be granted access to the network or guest portal.
  Step 5 From the Account Type drop- down menu, choose one of the predefined options:
  • StartEnd—allows sponsors to define start and end times for account durations
  • FromFirstLogin—allows sponsors to define the duration of time that guests can have access after login
  • FromCreation—allows sponsors to define the duration of time that guest can have access after account creation
  Step 6 Set the Duration for which the account will be active. The account expires after the duration set here has expired. This option is available only if you select the Account Type as FromFirstLogin or FromCreation.
  Step 7 Set the Restrictions for the guest access.
  These restrictions are composed of a day of the week and a start and end clock time. The Time Zone value specified in the time profile affects the clock times set in any of the Time Restrictions within the time profile. For example, a Time Restriction that specifies Monday 12:00 am to 8:00 am and Monday 6:00 pm to 11:59 pm would only grant system access between 8:00 am and 6:00 pm on Mondays within the time zone of the time profile. Any other day of the week would have no time restriction in this example and system access would be granted at any time.
  Step 8 Click Submit.

• ISE: time profile for authenticated usergroup access

  Hi forumers'
  I would like to setup a session condition like what ACS can do. This is using for the user after authentication, then they were authorize with the time allotment profile for them to accessing the resources on the network.
  Can i do this over ISE, beside guest manamgent >  sponsor group's time profile?
  What if current ISE not ready for this, how's the high level design would be for time profile for usergroup access look like?
  Example
  a. trusted full time employee, accessbile 24x7x365
  b. not confirm, internship employee, with only accessbile right of 8x5 per day
  Thanks
  Noel

  Thanks for the reply, but I'm really seeking the feature of prevent multiple self registration for the same user, and I don't think that it is available right now.
  The only working idea here is blocking the MAC address for the machine doing the registration because everytime the user will be able to register with new email address or mobile phone.
  Also one feature can be interested here, that the user can do self registration with Phone mandatory so the ISE will send SMS to the user with the credentails to use.
  Thanks.
  Ahmad.

• ISE Time Profiles

  I have successfully setup my guest authentication through ISE but when I change the time profile from Default Eight Hours to Default Start End the user cannot login.  If I change the profile to Eight Hours, the access is granted.  Has anyone run into this?  I have tried to make a new profile, new sponsor group etc but no luck.  Any help would be highly appreciated.
  Additional information.  I am able to create the account using the DefaultEightHours setting.  Login and than change the account to DefaultStartEnd.  However, I cannot enter DefaultStartEnd from the start.  I have attached the troubleshooting error I see in ISE.
  Thanks,
  James

  Please review the below links which might be helpful:
  http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Smart_Business_Architecture/February2012/SBA_Ent_BN_BYOD-GuestWirelessAccessDeploymentGuide-February2012.pdf
  http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_guest_pol.html
  http://www.cisco.com/en/US/docs/security/ise/1.0.4/user_guide/ise10_guest_pol.pdf

• ISE 1.2 Guest First Login time profile not working

  I had create time profile First Login and assign to Guest that generate in sponsor portal but account status is Active instead of Await Initial Login.
  Any suggestion ?

  Check what is the role you have assigned , if ActivatedGuest then account is enabled automatically. Status for these guests displays as "Active" even if the guest has not yet signed on

• ISE CWA redirect redundancy

  Hi
  If in a CWA authorization profile the IP address option is used for the redirection, how will this impact on redundancy ? For instance in my implementation with 2 ISE appliances, on the Primary Admin Node the CWA profile is configured with an IP address of x.x.x.110 which is the address of the Primary ISE appliance. When the primary appliance fails how will the secondary appliance handle the above cause the x.x.x.110 ip address will then be unavailable and the new ip should be x.x.x.109....? 

  If you check that box and set an IP address manually then all CWA requests will go to that IP/Host Name. If you want to have redundancy then you should leave that box unchecked. Doing that will allow ISE to use the FQDN of the Radius server that is currently serving that SSID. 
  I hope this helps!
  Thank you for rating helpful posts!

• Guest WiFi Time Profile

  I have created a guest user and selected a Time Profile that is supposed to allow the user to remain logged in for 3 weeks (by selecting the default time profile in Sponsor portal, Three_Weeks). According to ISE guidelines, this user should not be disconnected from first login until 3 weeks!
  In testing this setup with a user having an Android phone, the user stayed connected the whole day. However when the user came in the next day, this morning and connected to the guest WiFi SSID, he was prompted to login. In ISE the Authentication logs show that the user is still logged in since yesterday.
  The expectation was that the guest user will not be required (i.e. prompted) to login again the next day. How can this be achieved with Android and other smartphones (iPhone, Windows)?
  Systems Infor: ISE ver 1.1.1; WLC 5508 software ver 7.2.111.3
  Many thanks.
  Sankung

  Hi Sankung
  Time profiles allow a sponsor to assign different levels of access time to a guest account. For example,
  you can assign a time profile that allows a guest access during a workweek day but not during a weekend
  day.
  After time profiles are created, you must change the sponsor user group to allow sponsors in that group
  to be able to provision accounts to the appropriate time profiles that are created. You can choose the
  sponsor user groups that are allowed to assign certain time profiles to guests.
  By default, a sponsor user group has the ability to assign guests to the default time profile.
  Administrators can choose which additional time profiles the sponsor can be assigned, and they can also
  remove the default time profile from the user group.
  Each sponsor user group must have the ability to assign guests to at least one time profile.
  If a sponsor user group has only one time profile selected, sponsors will be able to select that time profile
  alone. If sponsors can choose more than one time profile, they can view a drop-down menu from which
  they can choose the time profile to be assigned to the account during the account creation.
  Step 1 From the Cisco ISE Administration interface, select Administration > Guest Management > Settings.
  Step 2 In the Settings panel, select Guest > Time Profiles.
  Step 3 Click one of the following:
     • Add—to create a new time profile
     • Edit—to edit an existing time profile
     • Duplicate—to duplicate an existing time profile
  Step 4 Enter the name and description of the new time profile.
  Step 5 Select a Time Zone for Restrictions. Time Restrictions are a set of time periods during which a guest
             account associated with that time profile would not be granted access to the network or guest portal.
  Step 6 From the Account Type drop- down menu, choose one of the predefined options:
     • StartEnd—allows sponsors to define start and end times for account durations
     • FromFirstLogin—allows sponsors to define the duration of time that guests can have access after login
     • FromCreation—allows sponsors to define the duration of time that guest can have access after account creation
  Step 7 Set the Duration for which the account will be active. The account expires after the duration set here
             has expired. This option is available only if you select the Account Type as FromFirstLogin or FromCreation.
  Step 8 Set the Restrictions for the guest access.
             These restrictions are composed of a day of the week and a start and end clock time. The Time Zone
              value specified in the time profile affects the clock times set in any of the Time Restrictions within the
               time profile. For example, a Time Restriction that specifies Monday 12:00 am to 8:00 am and Monday
               6:00 pm to 11:59 pm would only grant system access between 8:00 am and 6:00 pm on Mondays within
              the time zone of the time profile. Any other day of the week would have no time restriction in this example and 
              system access would be granted at any time.
  Step 9 Click Submit.
  Time profiles do not define the start and end times. This is done during the account creation. The time profile can have restrictions that fall outside the start and end time specified in a Guest account while creation. Only those restrictions that cover the start end time of the account will be applied to the account.
  Best Regards:
  Muhammad Munir

• Getting an error while activating a planning area "Enter values for planning horizon From and planning horizon To for the storage time profile level"

  Dear S&OP community,
  I am getting following error while creating a planning ares in a newly installed sandbox. "Enter values for planning horizon From and planning horizon To for the storage time profile level".
  This what I did...
  1) Created new attributes and master data objects and activated them successfully.
  2) Time profile created and activated successfully
  3) Trying to create planing area by assigning  time profile in step 2 and assigned master data from step1..Unable to save the data and system returns 
  this error - "Enter values for planning horizon From and planning horizon To for the storage time profile level"
  My understanding is time profile needs to be active  but doesn't have to have values...
  Any help is appreciated.
  Thanks,
  Krishna

  YS,
  Here are my time profile settings
  Level       Name          Display Horizon - Past  Display Horizon - Future
  1             Monthly     -6                                       11         
  2             Quarterly     -2                                       3
  3             Yearly        -1                                       2
  Time profile is active and but time profile data is not loaded
  Thanks,
  Krishna

• Looking for the block CD Generate Time Profiles for MPC simulation.vi

  Hello everyone!!! I am trying to implement MPC in LabVIEW. I have downloaded certain codes which shows the implementation. My question is in those codes i see a block named as CD Generate Time Profiles for MPC simulation.vi. I tried finding a lot for that block but i could not... Can anyone help me out with the problem (exactly under which section will i get that block) or can anyone tell me how do i give the set point profile for the MPC simulation problem???
  Solved!
  Go to Solution.

  The VIs related to generate profile can be found in:
  C:\Program Files (x86)\National Instruments\LabVIEW 2011\vi.lib\addons\Control Design\_MPC\Reference Profile
  or
  C:\Program Files\National Instruments\LabVIEW 2011\\vi.lib\addons\Control Design\_MPC\Reference Profile
  You can look at examples in:
  C:\Program Files (x86)\National Instruments\LabVIEW 2011\examples\Control and Simulation\Control Design\MPC
  C:\Program Files\National Instruments\LabVIEW 2011\examples\Control and Simulation\Control Design\MPC
  to verify how to use those VIs.
  Barp - Control and Simulation Group - LabVIEW R&D - National Instruments

• What do you mean by Time profile and how to configure it.

  Hi Gurus,
  can anybody tel me what do you mean by Time profile and how to configure it.
  we are using Capacity requiremtn planning.
  best regards
  prashanth

  Hi Prashanth,
  Time profile can be customized using transaction OPD2.
  It contains the time horizons for importing the data records as well as for evaluation and planning.
  the planning horizon must be smaller or equal to the database read period.
  SAPPM_Z002 is a sample time profile
  The list profile defines teh presentaion of the output lists,transaction used is OPDH.
  best regards
  vijay

• Time-Profile-Level Error on Activation

  Hello,
  I am in the process of creating an S&OP Model and so far created the following.
  1...Master Data & Attributes
  2...TimeProfile with 2 Levels(Daily and Weekly)
  3..Planning Area with Storage Time Profile Level as 'Daily'
  4...Two Planning levels at Daily and Weekly levels
  5. Two Stored Key Figures. One at Daily Planning Level and the other at Weekly Planning Level.
  Now, on activating the Planning Area I keep getting the following error.
  'Time-Profile-Level and Time-Profile-Level root attribute for plan-level "WEEKLYCUSTLOCPROD" are not consistent'
  When I delete the Key Figure that I created at the Weekly Planning Level, it seems to be activating fine.
  Can someone tell me what is it that I am doing wrong here. I need to create atleast 2 keyfigures at the weekly planning level.
  Thanks,
  Geetha

  Hi Geetha,
  Try going back into your planning area and checking if your time profile for the planning level has a 'root' defined.
  In my experience, upon creating planning levels you must explicitly check a root on the time profile.
  This is different behavior than when selecting regular Master Data Types to include in your planning level. Those default to having the key of the MDT being set as the 'root' for that planning level.

• NGS(Nac Guest Server) deleting time profiles

  I'm using a NGS 2.0.1 and tried to delete a time profile. I unbind the time profile first from any Sponsor Group. After I hit the bin button and confirm this, teh time profile still exists on my NGS.
  Has someone seen this?

  Hello Faisal,
  Thank you very much for your help! I looked through all bug reports but somehow I missed this one. Thank you again, it fixed the problem!
  Best regards,
  Peter

• NGS + NAC Time profiles problem

  Hi, we have NAC v4.7.2 and NGS v2.0.1 integrated with each other. The problem is when creating users with time profiles (From First Login and Time Used) in NGS where it doesn't create corresponding users in NAC automatically via API. The time profile (Start End and From Creation) works perfectly. May I know what seems to be the problem? I have attached sample picture of NGS and NAC.
  Regards,
  Dave

  Hany,
  Can you post a screenshot of what your report looks like when it should be failing but shows up as passed (green)?
  Faisal

• How we can update the time profile ?

  Hello,
  How we can update the time profile daily in PP/DS ?
  This time profile we need in the background job scheduling.
  Please suggest

  Hi Sunil,
  The Time Profile is first to be maintained by going to the current settings (S_AP9_75000087) and creating one Time Profile as per your requirements.Here you define the Display Period and Planning Periods. If you create Relative days/weeks/ months then it is calculated in relation to the current date.So for example if you want to view 10 weeks in past and 20 weeks in future from today, you give the Start Date as -10 and End date as +20.after selecting Relative month/week/day in the Daye column.
  Similar method is used for both the Display Period and Planning Period. Preferably ristrict the Display period.
  You also have the option of Absolute time where you enter the start date and the finish date as an absolute value in the set period type.This will hard code the dates for you.
  This Profile which you have created needs to be attached to Detailed Scheduling Planning Board - View 1/2/3 which ever you want to use by going to the Profile icon on the top and in the pop up click on the More profiles Tab and putting this value in the Time Profile Box.
  Thanks,
  Harsh

• Keep getting this pop up box after downloading Mountain Lion ( had Snow Leopard) time profile failure .... how do I fix it ??

  Keep getting this pop up box after downloading Mountain Lion ( had Snow Leopard) time profile failure  (in a small box).... how do I fix it ??
  Pleeeease can any one help i??? t pops up all the time and I have have to confirm in OK box.
  I´m not a PRO on a  MAC 

  Can you provide a screenshot? I haven't ever heard of such an error. I suspect it may be third-party software of some kind.