ISE Time Profiles

Similar Messages

• ISE: time profile for authenticated usergroup access

  Hi forumers'
  I would like to setup a session condition like what ACS can do. This is using for the user after authentication, then they were authorize with the time allotment profile for them to accessing the resources on the network.
  Can i do this over ISE, beside guest manamgent >  sponsor group's time profile?
  What if current ISE not ready for this, how's the high level design would be for time profile for usergroup access look like?
  Example
  a. trusted full time employee, accessbile 24x7x365
  b. not confirm, internship employee, with only accessbile right of 8x5 per day
  Thanks
  Noel

  Thanks for the reply, but I'm really seeking the feature of prevent multiple self registration for the same user, and I don't think that it is available right now.
  The only working idea here is blocking the MAC address for the machine doing the registration because everytime the user will be able to register with new email address or mobile phone.
  Also one feature can be interested here, that the user can do self registration with Phone mandatory so the ISE will send SMS to the user with the credentails to use.
  Thanks.
  Ahmad.

• ISE Guest Portal Time Profiles

  G'day All,
  Could someone advise if it is possible to extended or change the time profile of a guest account that has already been created? I am trying to understand using time profiles from within the Sponsor Portal. Imagine a guest user has an account created that gives them 2 weeks access, towards the end of the 2 weeks the user requires another week of access.
  From what I can see in both the ISE time profiles config page and from within the sponsor portal, either the user would have to wait until the existing account expired and have a new account created or a new account would have to be created to grant the additional access, and the existing account could be deleted, I am just seeking clarification of whether time extensions for Guest Accounts is possible prior to the account expiring.
  Currently using ISE 1.1.3
  Thanks in advanced guys.
  James.      

  Please follow the below steps to edite the time profile:
  Adding, Editing, or Duplicating Time Profiles
  To add or edit a time profile, complete the following steps:
  Step 1 From the Cisco ISE Administration interface, select Administration > Guest Management > Settings > Guest > Time Profiles.
  Step 2 Click one of the following:
  • Add—to create a new time profile
  • Edit—to edit an existing time profile
  • Duplicate—to duplicate an existing time profile
  Step 3 Enter the name and description of the new time profile.
  Step 4 Select a Time Zone for Restrictions. Time Restrictions are a set of time periods during which a guest account associated with that time profile would not be granted access to the network or guest portal.
  Step 5 From the Account Type drop- down menu, choose one of the predefined options:
  • StartEnd—allows sponsors to define start and end times for account durations
  • FromFirstLogin—allows sponsors to define the duration of time that guests can have access after login
  • FromCreation—allows sponsors to define the duration of time that guest can have access after account creation
  Step 6 Set the Duration for which the account will be active. The account expires after the duration set here has expired. This option is available only if you select the Account Type as FromFirstLogin or FromCreation.
  Step 7 Set the Restrictions for the guest access.
  These restrictions are composed of a day of the week and a start and end clock time. The Time Zone value specified in the time profile affects the clock times set in any of the Time Restrictions within the time profile. For example, a Time Restriction that specifies Monday 12:00 am to 8:00 am and Monday 6:00 pm to 11:59 pm would only grant system access between 8:00 am and 6:00 pm on Mondays within the time zone of the time profile. Any other day of the week would have no time restriction in this example and system access would be granted at any time.
  Step 8 Click Submit.

• ISE CWA Time Profiles

  Hi
  Trying to make ISE CWA with WLC2500 to work according to guest time profiles.
  - When suspend guest users in ISE they still can connect and it seems that there is no communications between WLC and ISE (i suspect that ISE will communicate to WLC regarding this)
  - Then creating a guest user with "OnlyFirstLogin".... the user is still connected after shutdown/restart..
  I'm aware of the WLC timeout settings, but not sure if there are in play with CWA
  Any who knows about these time profiles in ISE regards to WLC
  Thx
  Kasper

  Please review the below links which might be helpful:
  http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Smart_Business_Architecture/February2012/SBA_Ent_BN_BYOD-GuestWirelessAccessDeploymentGuide-February2012.pdf
  http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_guest_pol.html
  http://www.cisco.com/en/US/docs/security/ise/1.0.4/user_guide/ise10_guest_pol.pdf

• ISE 1.2 Guest First Login time profile not working

  I had create time profile First Login and assign to Guest that generate in sponsor portal but account status is Active instead of Await Initial Login.
  Any suggestion ?

  Check what is the role you have assigned , if ActivatedGuest then account is enabled automatically. Status for these guests displays as "Active" even if the guest has not yet signed on

• ISE Time Management for Sponsor Portal User

  Hi all,
  I'm currently using ISE version 1.2 and when I create a custom time management for each user, the rule applied to each user is only applied for a maximum 10 days eventhough I configured it for ex.30 days.
  want to check with all of you if anyone have the same issue?
  Firstly I think it's because the purge time is default set for 15 days, but even when I already changed it. The expiration time will still not get over than 10 days.
  Cheers
  Ryan

  Default Guest Time Profiles
  Time profiles provide a way to give different levels of time access to different guest accounts. Sponsors must assign a time profile to a guest when creating an account, but they cannot make changes to the time profiles. However, you can customize them and specify which time profiles can be used by particular sponsor groups. Beginning with Cisco ISE 1.2 time profiles are referred to as the account duration in the Sponsor portal.
  Cisco ISE 1.2 includes these default time profiles, which replace the profiles available previously:
  •DefaultFirstLoginEight—the account is available for 8 hours starting when the guest user first successfully connects to the Guest portal. This replaces the DefaultFirstLogin time profile.
  •DefaultEightHours—the account is available for 8 hours starting when sponsors first create the account. This replaces the DefaultOneHour time profile.
  •DefaultStartEnd—sponsors can specify dates and times on which to start and stop network access.
  If you upgrade to Cisco ISE 1.2, the older time profiles are still available, but you can delete them if you are not using them. If the older time profiles are assigned to a sponsor group, a message alerts you before deleting. If you perform a new installation of Cisco ISE 1.2, only the new time profiles display.

• Guest WiFi Time Profile

  I have created a guest user and selected a Time Profile that is supposed to allow the user to remain logged in for 3 weeks (by selecting the default time profile in Sponsor portal, Three_Weeks). According to ISE guidelines, this user should not be disconnected from first login until 3 weeks!
  In testing this setup with a user having an Android phone, the user stayed connected the whole day. However when the user came in the next day, this morning and connected to the guest WiFi SSID, he was prompted to login. In ISE the Authentication logs show that the user is still logged in since yesterday.
  The expectation was that the guest user will not be required (i.e. prompted) to login again the next day. How can this be achieved with Android and other smartphones (iPhone, Windows)?
  Systems Infor: ISE ver 1.1.1; WLC 5508 software ver 7.2.111.3
  Many thanks.
  Sankung

  Hi Sankung
  Time profiles allow a sponsor to assign different levels of access time to a guest account. For example,
  you can assign a time profile that allows a guest access during a workweek day but not during a weekend
  day.
  After time profiles are created, you must change the sponsor user group to allow sponsors in that group
  to be able to provision accounts to the appropriate time profiles that are created. You can choose the
  sponsor user groups that are allowed to assign certain time profiles to guests.
  By default, a sponsor user group has the ability to assign guests to the default time profile.
  Administrators can choose which additional time profiles the sponsor can be assigned, and they can also
  remove the default time profile from the user group.
  Each sponsor user group must have the ability to assign guests to at least one time profile.
  If a sponsor user group has only one time profile selected, sponsors will be able to select that time profile
  alone. If sponsors can choose more than one time profile, they can view a drop-down menu from which
  they can choose the time profile to be assigned to the account during the account creation.
  Step 1 From the Cisco ISE Administration interface, select Administration > Guest Management > Settings.
  Step 2 In the Settings panel, select Guest > Time Profiles.
  Step 3 Click one of the following:
     • Add—to create a new time profile
     • Edit—to edit an existing time profile
     • Duplicate—to duplicate an existing time profile
  Step 4 Enter the name and description of the new time profile.
  Step 5 Select a Time Zone for Restrictions. Time Restrictions are a set of time periods during which a guest
             account associated with that time profile would not be granted access to the network or guest portal.
  Step 6 From the Account Type drop- down menu, choose one of the predefined options:
     • StartEnd—allows sponsors to define start and end times for account durations
     • FromFirstLogin—allows sponsors to define the duration of time that guests can have access after login
     • FromCreation—allows sponsors to define the duration of time that guest can have access after account creation
  Step 7 Set the Duration for which the account will be active. The account expires after the duration set here
             has expired. This option is available only if you select the Account Type as FromFirstLogin or FromCreation.
  Step 8 Set the Restrictions for the guest access.
             These restrictions are composed of a day of the week and a start and end clock time. The Time Zone
              value specified in the time profile affects the clock times set in any of the Time Restrictions within the
               time profile. For example, a Time Restriction that specifies Monday 12:00 am to 8:00 am and Monday
               6:00 pm to 11:59 pm would only grant system access between 8:00 am and 6:00 pm on Mondays within
              the time zone of the time profile. Any other day of the week would have no time restriction in this example and 
              system access would be granted at any time.
  Step 9 Click Submit.
  Time profiles do not define the start and end times. This is done during the account creation. The time profile can have restrictions that fall outside the start and end time specified in a Guest account while creation. Only those restrictions that cover the start end time of the account will be applied to the account.
  Best Regards:
  Muhammad Munir

• Getting an error while activating a planning area "Enter values for planning horizon From and planning horizon To for the storage time profile level"

  Dear S&OP community,
  I am getting following error while creating a planning ares in a newly installed sandbox. "Enter values for planning horizon From and planning horizon To for the storage time profile level".
  This what I did...
  1) Created new attributes and master data objects and activated them successfully.
  2) Time profile created and activated successfully
  3) Trying to create planing area by assigning  time profile in step 2 and assigned master data from step1..Unable to save the data and system returns 
  this error - "Enter values for planning horizon From and planning horizon To for the storage time profile level"
  My understanding is time profile needs to be active  but doesn't have to have values...
  Any help is appreciated.
  Thanks,
  Krishna

  YS,
  Here are my time profile settings
  Level       Name          Display Horizon - Past  Display Horizon - Future
  1             Monthly     -6                                       11         
  2             Quarterly     -2                                       3
  3             Yearly        -1                                       2
  Time profile is active and but time profile data is not loaded
  Thanks,
  Krishna

• Looking for the block CD Generate Time Profiles for MPC simulation.vi

  Hello everyone!!! I am trying to implement MPC in LabVIEW. I have downloaded certain codes which shows the implementation. My question is in those codes i see a block named as CD Generate Time Profiles for MPC simulation.vi. I tried finding a lot for that block but i could not... Can anyone help me out with the problem (exactly under which section will i get that block) or can anyone tell me how do i give the set point profile for the MPC simulation problem???
  Solved!
  Go to Solution.

  The VIs related to generate profile can be found in:
  C:\Program Files (x86)\National Instruments\LabVIEW 2011\vi.lib\addons\Control Design\_MPC\Reference Profile
  or
  C:\Program Files\National Instruments\LabVIEW 2011\\vi.lib\addons\Control Design\_MPC\Reference Profile
  You can look at examples in:
  C:\Program Files (x86)\National Instruments\LabVIEW 2011\examples\Control and Simulation\Control Design\MPC
  C:\Program Files\National Instruments\LabVIEW 2011\examples\Control and Simulation\Control Design\MPC
  to verify how to use those VIs.
  Barp - Control and Simulation Group - LabVIEW R&D - National Instruments

• What do you mean by Time profile and how to configure it.

  Hi Gurus,
  can anybody tel me what do you mean by Time profile and how to configure it.
  we are using Capacity requiremtn planning.
  best regards
  prashanth

  Hi Prashanth,
  Time profile can be customized using transaction OPD2.
  It contains the time horizons for importing the data records as well as for evaluation and planning.
  the planning horizon must be smaller or equal to the database read period.
  SAPPM_Z002 is a sample time profile
  The list profile defines teh presentaion of the output lists,transaction used is OPDH.
  best regards
  vijay

• Time-Profile-Level Error on Activation

  Hello,
  I am in the process of creating an S&OP Model and so far created the following.
  1...Master Data & Attributes
  2...TimeProfile with 2 Levels(Daily and Weekly)
  3..Planning Area with Storage Time Profile Level as 'Daily'
  4...Two Planning levels at Daily and Weekly levels
  5. Two Stored Key Figures. One at Daily Planning Level and the other at Weekly Planning Level.
  Now, on activating the Planning Area I keep getting the following error.
  'Time-Profile-Level and Time-Profile-Level root attribute for plan-level "WEEKLYCUSTLOCPROD" are not consistent'
  When I delete the Key Figure that I created at the Weekly Planning Level, it seems to be activating fine.
  Can someone tell me what is it that I am doing wrong here. I need to create atleast 2 keyfigures at the weekly planning level.
  Thanks,
  Geetha

  Hi Geetha,
  Try going back into your planning area and checking if your time profile for the planning level has a 'root' defined.
  In my experience, upon creating planning levels you must explicitly check a root on the time profile.
  This is different behavior than when selecting regular Master Data Types to include in your planning level. Those default to having the key of the MDT being set as the 'root' for that planning level.

• MSE-provided location used with ISE Authorization Profile

              Hello Everyone,
  Can MSE-provided location be used in an ISE Authorization Profile?
  Thanks much,
  David D.

  Yes, ISE 1.2 can used this feature if it is used with Merridian or Ironmobile integration. and This is still in Road Map.

• NGS(Nac Guest Server) deleting time profiles

  I'm using a NGS 2.0.1 and tried to delete a time profile. I unbind the time profile first from any Sponsor Group. After I hit the bin button and confirm this, teh time profile still exists on my NGS.
  Has someone seen this?

  Hello Faisal,
  Thank you very much for your help! I looked through all bug reports but somehow I missed this one. Thank you again, it fixed the problem!
  Best regards,
  Peter

• NGS + NAC Time profiles problem

  Hi, we have NAC v4.7.2 and NGS v2.0.1 integrated with each other. The problem is when creating users with time profiles (From First Login and Time Used) in NGS where it doesn't create corresponding users in NAC automatically via API. The time profile (Start End and From Creation) works perfectly. May I know what seems to be the problem? I have attached sample picture of NGS and NAC.
  Regards,
  Dave

  Hany,
  Can you post a screenshot of what your report looks like when it should be failing but shows up as passed (green)?
  Faisal

• How we can update the time profile ?

  Hello,
  How we can update the time profile daily in PP/DS ?
  This time profile we need in the background job scheduling.
  Please suggest

  Hi Sunil,
  The Time Profile is first to be maintained by going to the current settings (S_AP9_75000087) and creating one Time Profile as per your requirements.Here you define the Display Period and Planning Periods. If you create Relative days/weeks/ months then it is calculated in relation to the current date.So for example if you want to view 10 weeks in past and 20 weeks in future from today, you give the Start Date as -10 and End date as +20.after selecting Relative month/week/day in the Daye column.
  Similar method is used for both the Display Period and Planning Period. Preferably ristrict the Display period.
  You also have the option of Absolute time where you enter the start date and the finish date as an absolute value in the set period type.This will hard code the dates for you.
  This Profile which you have created needs to be attached to Detailed Scheduling Planning Board - View 1/2/3 which ever you want to use by going to the Profile icon on the top and in the pop up click on the More profiles Tab and putting this value in the Time Profile Box.
  Thanks,
  Harsh