Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2496
Views
0
Helpful
4
Replies

[Q] Friendly URL - Guest Device Registration Portal

Go to solution
Jonathan Grim
Cisco Employee
Cisco Employee

‎07-19-2019 08:39 AM - edited ‎07-19-2019 08:39 AM

 

Is there a native way, within ISE, for guests to easily access the Guest Device Registration Portal at a later time?

Use Case - The Guest self-registers their mobile device.  Later in the day, the Guest wants to add a video game console to the Guest WLAN.

The Guest could browse to the "Portal test URL," but the URL is not simple or memorable.  To the best of my knowledge, the only way to make it memorable or simple would involve a server load-balancer or a "redirect" service to re-write the guest portal URL.  I'm hoping there's a better way out there...

Thanks!

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jonathan Grim
Cisco Employee
Cisco Employee
In response to Jason Kunst

‎07-20-2019 11:54 AM - edited ‎07-20-2019 11:59 AM

@Jason Kunst, I agree, the BYOD workflow is preferred, provided the user registering the new device is known to ISE.  For example, they're an internal ISE user; or found in an External Identity Store. 

Unfortunately, that won't work for this instance.  For this use case, a Guest user needs to add the non-WebAuth capable device to the Guest WLAN.

I configured a plausible workaround in my lab.

  • Guests use the Hotspot portal for mobile devices that support WebAuth. 
  • Then, I created another portal for Self-Registration.
  • I added an Authorization policy for the SSID, below the existing Guest_Flow policy.  Only check for Wireless_MAB and the GuestEndpoints endpoint identity group.
  • I copied the URL for the Self-Registration portal.  Added it to a public facing "support" page.
  • When you click the link on the public facing "support" page, you're sent to the Self-Registration portal.

 

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎07-19-2019 08:58 AM

That's what the BYOD my devices portal is for :) you can do mydevices.mycompany.com the guest portal is for registration devices at time of login and redirect. you could perhaps do something with a BIND server to map it but not sure about that, will let others chime in if they have found a way.
0 Helpful

Go to solution
Jonathan Grim
Cisco Employee
Cisco Employee
In response to Jason Kunst

‎07-20-2019 11:54 AM - edited ‎07-20-2019 11:59 AM

@Jason Kunst, I agree, the BYOD workflow is preferred, provided the user registering the new device is known to ISE.  For example, they're an internal ISE user; or found in an External Identity Store. 

Unfortunately, that won't work for this instance.  For this use case, a Guest user needs to add the non-WebAuth capable device to the Guest WLAN.

I configured a plausible workaround in my lab.

  • Guests use the Hotspot portal for mobile devices that support WebAuth. 
  • Then, I created another portal for Self-Registration.
  • I added an Authorization policy for the SSID, below the existing Guest_Flow policy.  Only check for Wireless_MAB and the GuestEndpoints endpoint identity group.
  • I copied the URL for the Self-Registration portal.  Added it to a public facing "support" page.
  • When you click the link on the public facing "support" page, you're sent to the Self-Registration portal.

 

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to Jonathan Grim

‎07-20-2019 12:49 PM

I think your solution would work although not straight forwards.

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to Jonathan Grim

‎07-20-2019 03:18 PM

It was nice hashing this out with you.
0 Helpful
Customers Also Viewed These Support Documents