3 Replies Latest reply: May 16, 2018 9:51 AM by jakunst RSS

ISE Wired Central Web Authentication - sponsor choose the access level of the guest


Hello to all,


Somebody put a question...and somehow ( i do not know how precisely) we've got  involved in finding a solution and trying to answer to this question : there is a way to give to the sponsor the "ability"  to decide the access level of the guest users ?


Situation: the "guest" users which connect to the wired/wireless infrastructure are redirected to a captive portal . Here, they insert some minimial information (name, email etc) . The approval is made by the sponsor which via email or sponsor portal, approve or decline the request. After that, the guest get internet access and minimal access to the internal resources.


Problem: we have different types of guests people: some need only internet access, others internet + minimal internal resources and the last type of guest need almost full access to the internal resources (based on location). And unfortunately, only one "enter point" which is the switch port (in case of the wired infrastructure).


Question: is it possible to "raise" somehow the sponsor capabilities in order to  be able not only to accept or decline the request, but also, on the same time , to decide and assign the level of access (let's say level 1 visitor, level 2 contractor, level 3  VIP) ?


Let's say that the only thing which is not a variable, is the fact that the responsibility for approving the access should be on the sponsor.  For the rest...any kind of compromise would be good :-)

In case of the wireless infrastructure we have thinking to work on "the enter point" which would be a different SSID for each type of guest. However, on the wired side (which is the one that we are interested to achieve ) we don't have this possibility.

We have thinking also on the wired side to have something like "a variable based portal" in which we would ask to the guest user during the enrollment to choose also the account type (visitor, contractor etc) and use that variable on the authorization policies. But even if we're able to do it, this is not exactly what we should achieved since would not be the sponsor who assigned the access level...


Thanks in advance for any idea on this matter.