Sponsor portal and internal users

Hi
I have configured our ISE to use AD users as sponsors, and this works perfectly.
But I'm also trying to configure an internal user for the sponsor portal.
I have configured it almost the same way, so I don't understand why the ISE is reporting:
Sponsor authentication has failed : Sponsorgroup not found for user
My identity store is a sequence for AD and internal users, and I can see from the log that it looks in the right place:
Identity Store:
Internal Users
My condition is that the internal user should be a member of identity group: sponsorAllAccount
My identity group:
Identity Group:
SponsorAllAccount
and then get a created sponsor group. This sponsor group, which is allocated to the condition, works fine for the AD users.
Evaluating Identity Policy
5435 Sponsor authentication has failed
Any suggestions as to why? I'm now running the latest 1.1.1 version.
Br
Tuva

Hi Tarik,
Thanks for the answer.
I'm certain that the user does not exist in the AD domain. Anyhow, then my log would tell me that the authentication failed because of a wrong password!?
I can see from the log that the ISE is doing a lookup in the internal database.
This is output from the logging:
Identity Store:
Internal Users
I have made an identity store sequence with both AD and internal users.
Br
Tuva

Similar Messages

  • How to authenticate external and internal users on different AD

    What is the recommended way to authenticate external users as well as internal employees in a customer facing application?
    We have external users in an Active Directory in the DMZ and our employees in our internal DMZ.  Unfortunately we don't have an identity management system in place and wondering if there is a way we could authenticate user against two active directories without creating a trust between them.
    We are implementing EP7.0
    Thanks in Advance.

    You can also use user partitioning, a feature of the UME which allows for having different user persistence options for different users. What you could do in this case is have the external users stored in the local db or an LDAP for the external users, and the internal users stored in an internal LDAP directory. For more details about user partitioning (http://help.sap.com/saphelp_nw2004s/helpdata/en/e0/b60b404b2b1e07e10000000a1550b0/frameset.htm), please see the docs.
    regards,
    Patrick

  • What is external portal and Internal portal?

    Hi..
    Can anyone please tell me what is external portal and what is internal portal? what is the difference between the two.
    Regards
    Shanmukh

    Hi,
    I guess you are referring to an external-facing portal -
    https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/30eb732a-2448-2a10-7aa6-8fd0849b6f20
    Regards,
    Anagha

  • Oracle on NT (Logmnr and Internal User fail)

    Hi,
    My environment is NT. I have two questions. First, I have a problem using "Log Viewer"
    DBMS_LOGMNR_D to create the dictionary file.
    In the statement, I should have a file name and file directory to generate the dictionary file. The problem is that the file directory format of NT and Unix is different, so I changed the file directory to the right format for NT. However, I tried several kinds of format. None of them works. So, does anyone know the right format for "logmnrd" for NT?
    Second, my test environment cannot be logged in to as internal user, system and sys. I am sure the password is correct, but at the time I connected by them, I got the error message indicating to me "Insufficient Privilege". I don't know why. So the only way for me to shut down the database is through the NT services.
    Does anyone know how to solve this?
    Thanks in advance.
    chechun

  • Portal and R3 user mapping

    Experts,
    We are on EP6 with 4.7 backend and using AD as our data source.
    We implemented ESS on ITS and we have few users who have different portal user ID and R/3 ID and I want their ID to be mapped to their R3 ID. 
    So far, I've added my r3 usrID as one of the parameters in AD and in the UM config file, I've mapped this field to userID. 
    I've defined the sap reference system and when I go to user mapping under "personalize" it says "Error occurred while reading the selected user mapping data"
    Can someone tell me what could be wrong with this setup?
    Thanks,
    James

    Well, this may not be the "best way" to do it but.....
    Make it a dedicated system and then you can have your users go up to personalize it once and done. Then whatever you need the back end for, just reference the system you created.

  • Internal and external user logins

    I have an asp.net web application which should work as an intranet application if a Windows user logs in, and it should ask for separate logins if an external user logs in. Is it possible? It can be accessed over the internet, and internal users use VPN or the network where the site resides.

    This forum is for questions about the TechNet Wiki. It might be best to ask your question in the asp.net forums, linked here:
     http://forums.asp.net
    Richard Mueller - MVP Directory Services

  • ISE 1.2 corrupted sponsor portal

    Hi,
    Since I started to use the ISE sponsor portal it shows wrongly, see attached screenshot.
    I tried various browsers, but the problem is the same. Other pages are okay, just the main with guest users has problem.
    Looks like it happened after upgrade from previous ISE version.
    Does anybody know how to fix this?
    Thanks and greets
    Karel

    Hi Karel,
    Regarding your query:
    These selections will allow guests to change their password, perform self-service, and require acceptance of a default AUP upon login.
    Changed in ISE 1.2: Now that we have the ability to Change Account Duration (discussed later in the lab), the option to Require guest and internal users to change password at expiration and first login has been updated so that the guest must change the password not only when first logging in but also when the expired account has been reactivated. It's not being used in this lab, so be aware of this option.
    Self-service allows any user to generate access credentials without requiring a sponsor to perform this task. As this is not a sponsored user and any user may create their own account with this policy setting, it is common to assign self-service guests to an Identity Group with minimal network access privileges such as “Internet_Only”.

  • ISE sponsor portal guest accounts

    I am having an issue with guest accounts that have been created in the sponsor portal, some accounts work fine but others show up in the authentication logs on ISE as error 22056.  This error points to ISE not looking in the right identity store but when you go deeper into the details all auth requests are pointing at the internal users store which is correct.
    My main problem is that when I try to look at these accounts from the ISE admin console to see if there is any difference between them they do not show up i.e. no accounts that are created on the sponsor portal are displayed in the internal users database but if you try to create an account with the same user name ISE says that there is already an account with that name.
    Is there anywhere on ISE to display the sponsor guest accounts?
    Regards
    Craig

    Hi,
    Not too sure if I am missing something, but this just tells you how to use the sponsor portal? My query was based around being able to see all user accounts, i.e. accounts created in the sponsor portal and from the admin console, in the admin console.
    If I web browse to the ISE admin console and then go to administration-Identities I can only see the accounts that I have created through ISE admin. If I try to create an account that I know exists on the sponsor portal, ISE complains that the user already exists, but you cannot view it. This seems very odd, why wouldn't an admin be able to see all accounts?
    thanks
    Craig

  • Sponsor Portal Alternatives

    I'm currently using ISE 1.2 to administer policy for two SSIDs.  The first SSID is basically for domain devices only, and we utilize 802.1X and AD.  Works great.
    The second is currently utilizing the Sponsor Portal, and basically gives Internet-Only access to anybody with an e-mail address and who has a sponsor.  In this way, we limited access and knew who was on our network, even though it was Internet Only.  This access was intended for temps, contractors, and others who worked with us, but did not require access to domain devices or data.
    Well, that's what the intent was.  It seems that every once in a while, somebody with an AD computer from some other domain comes in and they are unable to utilize our SSID, because our requirement for a credential and their home domain's AD group policy are incompatible.  Presumably, the policy in question is a restriction banning the ability for a computer to join an unknown infrastructure network, hidden deep inside Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Wireless Network (IEEE802.11) Policies.
    I can't really tell others that their GP is too restrictive, and I can't really feel good about having a completely open SSID.
    Is there some middle ground?  Am I overlooking something?

    I totally understand your point when you say that "it becomes your problem" :) Nobody likes security but everyone wants it. Now with that being said, if the SSID is "Open" can these laptops connect to it? If yes, I believe that there is a setting in GPO that can prevent users from connecting to any other SSIDs besides the ones configured in GPO, thus you would still face the same problem. Also, the "not advertising" the SSID will not provide you with any additional security measures. The word will get out and you will see how everyone now is starting to use it :) Perhaps what you can do is make it less attractive by throttling the bandwidth and/or use some sort of a web filter and block sites like facebook, youtube, etc. 
    Just some food for thought :)
    Thank you for rating helpful posts!

  • Redirect external user (internet) & internal user (intranet)

    Hi, we are developing a public portal services in which we have two kind of user: a) public user that access through internet to the portal. b) internal user that access inside a domain to the portal.
    We want to know How we can know which is the external and which is the internal in order to assign a portal desktop.
    I have seen in the forms the following options:
    1.-> IISPROXY
    2.-> SPNEGO
    3.-> APACHE & SAPDISPATCHER
    1.-> It seems that with the last release of the portal it is obsolete.
    2.-> It seems that SPNEGO is for internal use only (intranet).
    3.-> I have no documentation about it.
    I would be very grateful if someone could give a solution and documentation or links about it.
    Thanks in advance.
    Regards.

    Hi Optima,
      You can use an appIntegrator to distinguish intranet/extranet users.
      Have a look at "HowToUseAppIntegrator_en.pdf" from service market place.
    This weblog should give you some idea about appintegrator: Step-By-Step Guide to implement Application Integrator
    Regards,
    SK.

  • ISE 1.3 Sponsor Portal mandatory fields

    Hello,
    in the ISE 1.2 version it was possible to say that some fields are mandatory like first name or company.
    I cannot find this setting in the ISE 1.3 version.
    Regards
    filip

    Leoni,
    These settings are found by going to Guest Access > Configure.  Select Sponsor Portals and choose the Sponsor Portal in which you are working.  Click Portal Page Customization.
    Once there, select your Guest Type.  I chose Create Account for Known Guests.  Then choose Settings over the preview image.
    Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.
    Charles Moreton

  • E-recruiting: create internal user failure when using RCF_CREATE_USER

    Hi, experts
        When I create a candidate and internal user in E-recruiting using report RCF_CREATE_USER, the system returns me a message: "I::000 Enter at least one number for the business partner", and so I can't create the user successfully.
        Can anyone show me the solution?
        Thanks very much.
        Best Regards,
        qiuguo

    Hi
    just a thought.....it may not be creating a CP /BP....check your authorization.....hope this helps.....b/r

  • External portal capturing internal portal URL in Log and trace file

    Hi,
    We are facing one issue in portal like we have two portals for internal (Intranet) and external (Internet) users.
    Once users logged in the application and try to get the information about mylink from the external portal link (internet) they should not get any information about the internal portal.
    But in log and trace file we can see the external portal link capturing the internal portal URL.
    We need to find, from where system capturing the internal portal URL.
    Thanks.

    The tkproffed trace file is in seconds.
    "set timing" is in hh:mi:ss.uu format. So 00:00:01.01 is 1.01 seconds.
    You have to remember that most of these measurements are rounded. While your trace file says it contains one second of trace data, you know it's more.
    One excellent resource for trace files is "Optimizing Oracle Performance" by Cary Millsap & Jeff Holt. (http://www.amazon.com/Optimizing-Oracle-Performance-Cary-Millsap/dp/059600527X ) I thought I knew trace files before, but this book brings your knowledge to a whole new level.
    There is also an excellent WP by Cary Millsap ( http://method-r.com/downloads/doc_details/10-for-developers-making-friends-with-the-oracle-database-cary-millsap ) that gives you some insight.

  • ISE Time Management for Sponsor Portal User

    Hi all,
    I'm currently using ISE version 1.2 and when I create a custom time management for each user, the rule applied to each user is only applied for a maximum of 10 days even though I configured it for e.g. 30 days.
    I want to check with all of you if anyone has the same issue.
    At first I thought it was because the purge time is set to 15 days by default, but even when I changed it, the expiration time will still not go over 10 days.
    Cheers
    Ryan

    Default Guest Time Profiles
    Time profiles provide a way to give different levels of time access to different guest accounts. Sponsors must assign a time profile to a guest when creating an account, but they cannot make changes to the time profiles. However, you can customize them and specify which time profiles can be used by particular sponsor groups. Beginning with Cisco ISE 1.2 time profiles are referred to as the account duration in the Sponsor portal.
    Cisco ISE 1.2 includes these default time profiles, which replace the profiles available previously:
    • DefaultFirstLoginEight: the account is available for 8 hours starting when the guest user first successfully connects to the Guest portal. This replaces the DefaultFirstLogin time profile.
    • DefaultEightHours: the account is available for 8 hours starting when sponsors first create the account. This replaces the DefaultOneHour time profile.
    • DefaultStartEnd: sponsors can specify dates and times on which to start and stop network access.
    If you upgrade to Cisco ISE 1.2, the older time profiles are still available, but you can delete them if you are not using them. If the older time profiles are assigned to a sponsor group, a message alerts you before deleting. If you perform a new installation of Cisco ISE 1.2, only the new time profiles display.

  • ISE Guest Portal and one more SSID using internal accounts

    Hi Guys,
    I have two SSIDs on the WLC. The first is related to the ISE Guest Portal and the second is related to employees, but I realize that the Guest user can access the employee SSID and employee accounts can access the Guest portal page.
    I guess this happens because I cannot split these databases under "Internal Users" on the Authentication Policy.
    How can I restrict the access even if I am using the internal database?
    thanks a lot

    Using the Authorization policy is the right way.  Match the corp ID store to the corp WLAN SSID ID in the AuthZ policy, for example (where Employee is your corp ID store and yyyy is the name of your corp SSID):
