ISE Guest Self Registration Portal

Similar Messages

• ISE guest self-registration Client Limitation per day

  I deployed ISE with guest self registration on the Web Portal.
  I want the guest (ex: AndroidPhone with Mac address: xx:xx) to be able to get 1 hour of internet access per day. 
  I know that using Time profile I can limit the guest to 1 hour of access, but how can I give the guest access each day.
  Requirements:
  --- I want to make this phone create only one account. ( How can I limit his mac address from creating new accounts when his account will expire in one hour)?
  --- After 1 day, I want to give the same phone access (I dont mind if it is a new account or the same account as the day before)
  How can we make this happen? Otherwise, everytime the account expires, the phone will be able to auto-register with a new account.
  Thank you

• ISE Guest Self-Provisioning Portal

  Hi,
  I  get the Guest portal page and my credentails authenticate correctly and  the device is authenticated using MAB. Then I redirect to Self-Provisioning portal and get this message
  This device has not been registered
  You need to manually configure your device
  Your device configuration is not supported by the setup wizard
  Device ID < MAC of my windows XP PC
  Any idea how to enable self registration for gests?
  My goal is when guest is authenticated in first time it need to enter credentials and to registered MAC address,then when guest come again it need to pass only authentication, without registration MAC address.
  Thanks

  Tarik, where is the mistake in my steps?
  1) I create Authorization Profile for Guest devices registration (see attach AuthProfile)
  2) I create Authorization Profile for Web Registration
  3) I create Authorization Policy (see attach AuthPolicy)
  When user connects to the network, he is redirected to Guest Portal where he needs to aply AUP, after clicking "Accept" error appears (see attach ISE_Error). In ISE I see the folowing errors (see attach ISE_Auth_Error).

• I want to integrate SMS gateway to Cisco ISE 1.2 and my question is SMS notifications are supported for Guest self−registration

  I want to integrate SMS gateway to Cisco ISE 1.2 and my question is 
  SMS notifications are supported for Guest self−registration Services ? or it should be done by Sponsor 

  I'm not sure I understand the question.  Do you want to log in to the Sponsor Portal using AD credentials?
  Create an Identity Source Sequence using AD as an Authentication Source.  Go to Administration > Identity Management > Identity Source Sequences.  Either Edit or +Add a Sequence and choose from the Authentication Sources shown.
  Then choose that Identity Source Sequence by going to Administration > Web Portal Management > Settings.  Double-click Sponsor from the Left Menu and click Authentication Source.  Choose the Identity Source Sequence.  Click Save.
  I hope this helps.
  Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.
  Charles Moreton

• Customize Guest Self Registration on CPPM to print receipts immediately after registration

  This article talks about printing the registration receipt automatically after registration.
  Environment: This article implies to CPPM 6.2 and greater.
  I want to get a printout of "Visitor Registration Receipt" automatically without using the print option.
  We can achieve by adding a PHP code in the Footer section of the Receipt page.
  Login to Clear Pass Guest Module and navigate to "Home » Configuration » Guest Self-Registration".
  Select the profile which we are using and Edit.
  Select the profile which we are using and Edit.
  Click on Footer and add the PHP code as shown below.
  {literal}
  <script type="text/javascript">
  window.print('guest_receipt.php?id=8');
  </script>
  {/literal}
  Save and apply.
  We can also force redirect to registration page after the print of receipt is done by adding the below code in the same place.
  <meta http-equiv="refresh"
  content=2;url=<YOUR GUEST REGISTRATION PAGE>?_clear=1"/>
  The above code will refresh the page and redirect you back to self registration page.

  Hi,this code did not work for me. It redirects me to the main CPPM admin login page  This is your code: <meta http-equiv="refresh"
  content=2;url=<YOUR GUEST REGISTRATION PAGE>?_clear=1"/>  and this is my codein the footer of the receipt page: {literal}
  <script type="text/javascript">
  window.print('guest_receipt.php?id=8');
  </script>
  {/literal}
  <meta http-equiv="refresh"
  content=2;url=guestreg.php?_clear=1"/>  Can anyone herlp please?

• ISE 1.2 Guest Self Registration

  We are in the middle of an ISE deployment.  We are currently on version 1.2, Patch 3.  One of our use cases for ISE is Guest Access.  I am trying to understand more about self registration functions in ISE.  What are the capabilities? Can a user access a self registration page, enter credentials such as an email address, or phone #, and receive an email or text message with the guest account credentials?

  yes Guest can acess self registration page and enter his name company email phone etc...and do self registration and can get the credentials via mail and sms
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_guest_pol.html#pgfId-1482408

• ISE and Self Registration

  Ciao,
  is it possible to send user and password credentials, created by self registration, via mail or SMS ?
  For example:
  - user connect open ssid,
  - open browser and ISE, after redirect, present http guest portal with self-registration,
  - user compile form of self registration with email or phone fields,
  - credentials are send via email (not displayed as default).
  Thanks,
  Regards,

• Cisco ISE users self-registration Time Zone

  Hello, everyone!
  I'm configuring ISE Guest portal and I wonder why I need to choose time zone while in self-registration? Where is it used? And how can I disable this parameter from the self-registration page?

  Time profiles provide a way to give different levels of time access to different guest accounts. Sponsors must assign a time profile to a guest when creating an account, but they cannot make changes to the time profiles. However, you can customize them and specify which time profiles can be used by particular sponsor groups. Beginning with Cisco ISE 1.2 time profiles are referred to as the account duration in the Sponsor portal.
  Cisco ISE 1.2 includes these default time profiles, which replace the profiles available previously:
  DefaultFirstLoginEight—the account is available for 8 hours starting when the guest user first successfully connects to the Guest portal. This replaces the DefaultFirstLogin time profile.
  DefaultEightHours—the account is available for 8 hours starting when sponsors first create the account. This replaces the DefaultOneHour time profile.
  DefaultStartEnd—sponsors can specify dates and times on which to start and stop network access.

• Self-Registration Portal Cisco ISE 1.3 Keeps Going Back to Auth Page

  We upgraded our Cisco ISE from 1.2.x to 1.3.x.  The migration was successful, and everything appears to be correct.  I see that our customized portals were brought over as well.  We've created a new customized guest portal.  We've updated the authorization profile to reflect the new portal.  When a user goes through the process of registering, they register successfully, and then use the registration information to sign in successfully.  However, when they attempt to browse to a web page, they are redirected right back to the authentication page.  I've checked the SSID.  It's set for L2 mac-filtering, Radius NAC, and for our ISE ACL.  For the authentication security, CoA is enabled.  When the upgrade was completed, I did follow all of the post-migration tasks.  Can anyone give me any ideas why users are being redirected right back to the auth screen, once successfully authenticating, and not able to get to any internet sites?  Thanks for your help!

  Salodh,
  Thank you so much for the quick reply!  Please find the export below:
  <?xml version="1.0" encoding="UTF-8"?>
  @namespace html url(http://www.w3.org/1999/xhtml); :root { font:small Verdana; font-weight: bold; padding: 2em; padding-left:4em; } * { display: block; padding-left: 2em; } html|style { display: none; } html|span, html|a { display: inline; padding: 0; font-weight: normal; text-decoration: none; } html|span.block { display: block; } *[html|hidden], span.block[html|hidden] { display: none; } .expand { display: block; } .expand:before { content: '+'; color: red; position: absolute; left: -1em; } .collapse { display: block; } .collapse:before { content: '-'; color: red; position: absolute; left:-1em; }
  <Root>
  <!--This section describes the Policy-Sets configured in ISE-->
  <PolicySets> <PolicySet name="Wired" description=""> <Conditions relationship="OR"> <Condition name="Wired_MAB" type="REUSABLE_COMPOUND"/> <Condition name="Wired_802.1X" type="REUSABLE_COMPOUND"/> </Conditions> <Authentication> <rules> <rule name="Default" status="Enabled"> <Conditions/> <Result name="Default Network Access" type="AllowedProtocolServices"/> <IdentitySourceRules> <rule name="Default" status="Enabled"> <Conditions/> <IdentitySourceResult name="Internal Endpoints"> <IdentitySource name="Internal Endpoints" type="IdentityStore"/> <AuthenFailed>REJECT</AuthenFailed> <UserNotFound>CONTINUE</UserNotFound> <ProcessFailed>DROP</ProcessFailed> </IdentitySourceResult> </rule> </IdentitySourceRules> </rule> </rules> </Authentication> <Authorization> <StandardRules> <rule name="Default" status="Enabled"> <Conditions/> <identityGroups> <identityGroup name="Any"/> </identityGroups> <Result name="PermitAccess" type="Standard"/> </rule> </StandardRules> <LocalExceptionRules/> </Authorization> </PolicySet> <PolicySet name="Wireless" description=""> <Conditions relationship="OR"> <Condition name="Wireless_MAB" type="REUSABLE_COMPOUND"/> <Condition name="Wireless_802.1X" type="REUSABLE_COMPOUND"/> </Conditions> <Authentication> <rules> <rule name="Wireless Users" status="Enabled"> <Conditions relationship="AND"> <Condition name="Wireless_802.1X" type="REUSABLE_COMPOUND"/> </Conditions> <Result name="Default Network Access" type="AllowedProtocolServices"/> <IdentitySourceRules> <rule name="Default" status="Enabled"> <Conditions/> <IdentitySourceResult name="AD1"> <IdentitySource name="AD1" type="IdentityStore"/> <AuthenFailed>REJECT</AuthenFailed> <UserNotFound>REJECT</UserNotFound> <ProcessFailed>DROP</ProcessFailed> </IdentitySourceResult> </rule> </IdentitySourceRules> </rule> <rule name="Default" status="Enabled"> <Conditions/> <Result name="Default Network Access" type="AllowedProtocolServices"/> <IdentitySourceRules> <rule name="Default" status="Enabled"> <Conditions/> <IdentitySourceResult name="Internal Endpoints"> <IdentitySource name="Internal Endpoints" type="IdentityStore"/> <AuthenFailed>REJECT</AuthenFailed> <UserNotFound>CONTINUE</UserNotFound> <ProcessFailed>DROP</ProcessFailed> </IdentitySourceResult> </rule> </IdentitySourceRules> </rule> </rules> </Authentication> <Authorization> <StandardRules> <rule name="Internal-Users-KMTMACHINE" status="Enabled"> <Conditions relationship="AND"> <Condition name="WLAN-User" type="REUSABLE_COMPOUND"/> </Conditions> <identityGroups> <identityGroup name="Any"/> </identityGroups> <Result name="WLAN-PERMITALL" type="Standard"/> </rule> <rule name="Internal-Users-MDM" status="Enabled"> <Conditions relationship="AND"> <Condition name="WLAN-User" type="REUSABLE_COMPOUND"/> <Condition name="WLAN-UserMDM" type="REUSABLE_COMPOUND"/> </Conditions> <identityGroups> <identityGroup name="Any"/> </identityGroups> <Result name="WLAN-PERMITALL" type="Standard"/> </rule> <rule name="Internal-Users-NONMDM1" status="Enabled"> <Conditions relationship="AND"> <Condition name="WLAN-User" type="REUSABLE_COMPOUND"/> <Condition name="WLAN-NotMDM" type="REUSABLE_COMPOUND"/> </Conditions> <identityGroups> <identityGroup name="Any"/> </identityGroups> <Result name="WLAN-PERMITONLYINTERNET" type="Standard"/> </rule> <rule name="Guest" status="Enabled"> <Conditions relationship="AND"> <Condition type="ADHOC">DEVICE:Device Type EQUALS All Device Types#Wireless</Condition> </Conditions> <identityGroups> <identityGroup name="Guest" type="User Identity Groups"/> </identityGroups> <Result name="Internet-Only" type="Standard"/> </rule> <rule name="Guest-CWA" status="Enabled"> <Conditions relationship="AND"> <Condition type="ADHOC">DEVICE:Device Type EQUALS All Device Types#Wireless</Condition> </Conditions> <identityGroups> <identityGroup name="Any"/> </identityGroups> <Result name="Guest-CWA" type="Standard"/> </rule> <rule name="Default" status="Enabled"> <Conditions/> <identityGroups> <identityGroup name="Any"/> </identityGroups> <Result name="DenyAccess" type="Standard"/> </rule> </StandardRules> <LocalExceptionRules/> </Authorization> </PolicySet> <PolicySet name="Default" description="Default Policy Set"> <Conditions/> <Authentication> <rules> <rule name="MAB" status="Enabled"> <Conditions relationship="OR"> <Condition name="Wired_MAB" type="REUSABLE_COMPOUND"/> <Condition name="Wireless_MAB" type="REUSABLE_COMPOUND"/> </Conditions> <Result name="Default Network Access" type="AllowedProtocolServices"/> <IdentitySourceRules> <rule name="Default" status="Enabled"> <Conditions/> <IdentitySourceResult name="Internal Endpoints"> <IdentitySource name="Internal Endpoints" type="IdentityStore"/> <AuthenFailed>REJECT</AuthenFailed> <UserNotFound>REJECT</UserNotFound> <ProcessFailed>DROP</ProcessFailed> </IdentitySourceResult> </rule> </IdentitySourceRules> </rule> <rule name="Dot1X" status="Enabled"> <Conditions relationship="OR"> <Condition name="Wired_802.1X" type="REUSABLE_COMPOUND"/> <Condition name="Wireless_802.1X" type="REUSABLE_COMPOUND"/> </Conditions> <Result name="Default Network Access" type="AllowedProtocolServices"/> <IdentitySourceRules> <rule name="Default" status="Enabled"> <Conditions/> <IdentitySourceResult> <IdentitySource name="Internal Users" type="IdentityStore"/> <AuthenFailed>REJECT</AuthenFailed> <UserNotFound>REJECT</UserNotFound> <ProcessFailed>DROP</ProcessFailed> </IdentitySourceResult> </rule> </IdentitySourceRules> </rule> <rule name="Default" status="Enabled"> <Conditions/> <Result name="Default Network Access" type="AllowedProtocolServices"/> <IdentitySourceRules> <rule name="Default" status="Enabled"> <Conditions/> <IdentitySourceResult> <IdentitySource name="Internal Users" type="IdentityStore"/> <AuthenFailed>REJECT</AuthenFailed> <UserNotFound>REJECT</UserNotFound> <ProcessFailed>DROP</ProcessFailed> </IdentitySourceResult> </rule> </IdentitySourceRules> </rule> </rules> </Authentication> <Authorization> <StandardRules> <rule name="Wireless Black List Default" status="Enabled"> <Conditions relationship="AND"> <Condition name="Wireless_Access" type="REUSABLE_COMPOUND"/> </Conditions> <identityGroups> <identityGroup name="Blacklist" type="Endpoint Identity Groups"/> </identityGroups> <Result name="Blackhole_Wireless_Access" type="Standard"/> </rule> <rule name="Profiled Cisco IP Phones" status="Enabled"> <Conditions/> <identityGroups> <identityGroup name="Cisco-IP-Phone"/> </identityGroups> <Result name="Cisco_IP_Phones" type="Standard"/> </rule> <rule name="Profiled Non Cisco IP Phones" status="Enabled"> <Conditions relationship="AND"> <Condition name="Non_Cisco_Profiled_Phones" type="REUSABLE_COMPOUND"/> </Conditions> <identityGroups> <identityGroup name="Any"/> </identityGroups> <Result name="Non_Cisco_IP_Phones" type="Standard"/> </rule> <rule name="Default" status="Enabled"> <Conditions/> <identityGroups> <identityGroup name="Any"/> </identityGroups> <Result name="PermitAccess" type="Standard"/> </rule> </StandardRules> <LocalExceptionRules/> </Authorization> </PolicySet> <GlobalExceptions> <rules/> </GlobalExceptions> </PolicySets>
  <!--This section describes the Reusable Conditions configured in ISE-->
  <ReusableConditions> <Authentication> <Compound> <condition name="Wired_MAB" description="A condition to match MAC Authentication Bypass service requests from Cisco Catalyst Switches" relationship="AND"> <Condition type="ADHOC">Radius:Service-Type EQUALS Call Check</Condition> <Condition type="ADHOC">Radius:NAS-Port-Type EQUALS Ethernet</Condition> </condition> <condition name="Wireless_MAB" description="A condition to match MAC Authentication Bypass service requests from Cisco Wireless LAN Controller" relationship="AND"> <Condition type="ADHOC">Radius:Service-Type EQUALS Call Check</Condition> <Condition type="ADHOC">Radius:NAS-Port-Type EQUALS Wireless - IEEE 802.11</Condition> </condition> <condition name="Wired_802.1X" description="A condition to match an 802.1X based authentication requests from Cisco Catalyst Switches" relationship="AND"> <Condition type="ADHOC">Radius:Service-Type EQUALS Framed</Condition> <Condition type="ADHOC">Radius:NAS-Port-Type EQUALS Ethernet</Condition> </condition> <condition name="Wireless_802.1X" description="A condition to match an 802.1X based authentication request from Cisco Wireless LAN Controller" relationship="AND"> <Condition type="ADHOC">Radius:Service-Type EQUALS Framed</Condition> <Condition type="ADHOC">Radius:NAS-Port-Type EQUALS Wireless - IEEE 802.11</Condition> </condition> <condition name="Switch_Local_Web_Authentication" description="A condition to match authentication requests for Local Web Authentication from Cisco Catalyst Switches" relationship="AND"> <Condition type="ADHOC">Radius:Service-Type EQUALS Outbound</Condition> <Condition type="ADHOC">Radius:NAS-Port-Type EQUALS Ethernet</Condition> </condition> <condition name="WLC_Web_Authentication" description="A condition to match authentication requests for Web Authentication from Cisco Wireless LAN Controller" relationship="AND"> <Condition type="ADHOC">Radius:Service-Type EQUALS Login</Condition> <Condition type="ADHOC">Radius:NAS-Port-Type EQUALS Wireless - IEEE 802.11</Condition> </condition> </Compound> </Authentication> <Authorization> <Compound> <condition name="Wired_802.1X" description="Default condition used to match an 802.1X based authentication requests from Cisco Catalyst Switches." relationship="AND"> <Condition type="ADHOC">Radius:Service-Type EQUALS Framed</Condition> <Condition type="ADHOC">Radius:NAS-Port-Type EQUALS Ethernet</Condition> </condition> <condition name="Wired_MAB" description="Default condition used to match MAB Authentication Bypass service requests from Cisco Catalyst Switches." relationship="AND"> <Condition type="ADHOC">Radius:Service-Type EQUALS Call Check</Condition> <Condition type="

• ISE Guest Self-Service Emailing Credentials

  Hi Guys,
  Is it possible to setup the ISE to automatically send a self-service guest their credentials via email once they've registered as appose to simply showing them onscreen ?
  I know it's possible to do so once they've registered through the sponsor portal, but the customer would like it done by default.
  Thanks,
  Nick

  This is not currently supported.  I am including a link to the feature enhancement request for your reference:
  http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCto15206

• ISE guest self service question

  Hi experts
  Is there any way to implement this scenario on ise 1.2.1:
  guest registers himself on the portal and either selects or enters sponsor details
  sponsor gets notified by mail and can approve or deny
  guest gets a sms text message with password and can use the guest wlan
  Grateful for any hint
  Cheers
  Albert

  No,  to enable SMS messaging, you need to be running v1.3.
  Good news, though.  With a current Service Agreement, ISE upgrades are free.  If you can schedule downtime, you can upgrade from 1.2.1 to 1.3 without stress.
  Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.
  Charles Moreton

• ISE - Guest Access (without portal)

  Hi Guys,
  I have a customer who current is using the cwa portal for guest access. Corporate use will be added in the future sometime next year.
  Kit involved:
  5508 - Internal (Inside Net)
  5508 - Anchor (DMZ Net)
  ISE - Inside Net
  3600 APs
  Presently, guest user connects, anchored to DMZ 5508, issued IP address from server in DMZ and DNS redirect to the web portal from same server. guest logs in and internet access through ASA and then content filtering box.
  They want a solution whereby they do not have to use the portal for corporate user with their own devices such as ipads. I know BYOD is a possiblity but would involve using a CA server on the inside of the network. This is not something I'm keen as it opens a channel from the guest network directly to their AD infrastructure.
  I'm leaning toward PEAP authentication atm using a GoDaddy SSL cert that is already installed. This would bypass the portal system and only involve client devices being configured once.
  Is there any other option that would be simple to setup as this is on a limited timescale ?
  Cheers,
  Nick

  Nick,
  They want a solution whereby they do not have to use the portal for  corporate user with their own devices such as ipads. I know BYOD is a  possiblity but would involve using a CA server on the inside of the  network. This is not something I'm keen as it opens a channel from the  guest network directly to their AD infrastructure.
  If you are referring to supplicant provisioning, the scep enrollment request is proxied from ISE and the private key and cert is transferred to the endpoint. This doesnt require your guest network having direct access to AD....just to ISE.
  Tarik Admani
  *Please rate helpful posts*

• ISE Guest - Change Password Option

  Hi All
  Can anyone confirm that the change password option on the Guest Self Registration Portal actually works?
  I have enabled the options with the ISE Guest Portal to allow the Guest to create his own account and also to change his password.
  Although the self creation of the account works fine it doesn't look like changing the password works. When you enter the new password and click submit nothing seems to happen.
  ISE version is 1.2.1.198
  Regards
  Roger

  Hi Roger,
  Are you making use of customized self registration portal. In such cases make sure , the session ID of a particular guest login is carried forward to the password change page as well.
  For the html changes to any pages (login, aup, self_registration, self_registration_result,
  device_registration & change_password)  that link back to other pages. The below points A and B should be added as part of customized pages.
  A)Reference script (<script src="js/customportals.js"></script>)
  B)Add the onsubmit="getDynamicAction(this);" logic for posts
  Thanks

• CISCO ISE 1.2.0.899 - Self registration email address field Limit

  Hi
  I was wondering if someone out there can resolve an issue I am seeing, when a user goes to the self registration portal and enters an email address it only allows 24 characters to be entered, in the documentation it states that up to 48 characters can be entered. Is there a setting that i need to change to increase the character limit to above 24.
  Thanks
  John

  Hi Anas
  That is not true, I had the same problem with ISE in our Network.
  We are running 1.2.0.899, after all the troubleshooting I decided to upgrade the Patch on the ISE.
  As part of that I have deployed patch 5, which has resolved the issue.
  So please just download patch 5 for the solution.
  Regards
  Sandy

• ISE Guest Authentication only with email address

  Hi,
  I want to know is there an option to use ONLY the email address as an authentication credential for Guest user authentication using Guest Protal and this should be done only with Self Registration not with Sponsored accounts.
  Appreciate if someone has done this and advise us how to achieve this.?
  thanks

  The exact scenario explained above is unachievable , however a little different from that can be achieved , see below
  New Features in Cisco ISE Version 1.2.0.899—Cumulative Patch 2
  Support for Guest Self-Registration Based on Email Domain Whitelist
  You can allow guests to create their own accounts by enabling the self-service feature by choosing: Administration  > Web Portal Management > Settings > Guest > Multi-Portal  Configurations > Operations > Guest users should be allowed to do  self service. When you enable this feature, the account credentials  display on the screen, and they are also emailed to the email address  used to create the account.
  You can restrict this feature by limiting guests' ability to create  their own accounts based on their email domain. By creating an email  domain whitelist, you can ensure that only guest users with email  accounts on those domains can create guest accounts.
  To prevent the account credentials from displaying on the screen, you  must create a custom portal when using an email domain whitelist. These  steps provide an overview:
  1. Create a custom portal, following these guidelines:
  –Add  a required email field and an acceptable use policy (AUP) page to the  Self-Registration html file. See the "Sample Code for Sponsor and Guest  Portal Customizations" appendix in the Cisco Identity Services Engine User Guide, Release 1.2 for a sample file.
  –Add  text to refer users to their email for their login credentials on the  Self-Registration Results html file. See the "Sample Code for Sponsor  and Guest Portal Customizations" appendix in the Cisco Identity Services Engine User Guide, Release 1.2 for a sample file.
  –Map the Login file to the Self-Registration page. See the "Mapping HTML Files to Guest Portal Pages" section in the Cisco Identity Services Engine User Guide, Release 1.2 for detailed instructions.
  2. Configure the SMTP server to support notifications (Administration > System > Settings > SMTP Server).
  3. Specify  the default e-mail address from which to send all guest notifications.  (Administration > System > Settings > SMTP Server and choose Use Default email address).
  4. Create the email domain whitelist. See the "Restricting Self-Registration Based on Email Domain" section.
  5. Customize the self-registration credentials email message. See the "Customizing the Self-Registration Credentials Email" section.
  6. Customize the self-registration failure message. See the "Customizing the Self-Registration Failure Message" section