restrict AD group on guest self-reg portal with remember me option enabled

Paolo Bratti · ‎12-19-2018

Hi,
I want to restrict AD group (VIPUserMAB) on guest self-reg portal with remember me option enabled; how can i do this?

is it possible?

Surendra · ‎12-19-2018

Can you please explain the use case in detail ?

Timothy Abbott · ‎12-19-2018

The problem you are going to run into is that the authentication is for the endpoint and not the user since user credentials are not apart of the MAB process. The way you currently have policy configured is to allow any MAC address in the VIPUserMAB endpoint identity group will receive the GuestPermit authorization result (if you were to enable it). There is no username component to the authorization rule and because the use case is wireless MAB, you won't receive a username. Just the MAC address.

Regards,

-Tim

Jason Kunst · ‎12-19-2018

@Timothy Abbott is correct. there is no way to mix REMEMBER ME based of MAB endpoint group and Active directory group.

There is a way to do it but its a little crude.

Check out special flows

http://cs.co/ise-guest

Paolo Bratti · ‎12-26-2018

@Jason Kunst wrote:

@Timothy Abbott is correct. there is no way to mix REMEMBER ME based of MAB endpoint group and Active directory group.

There is a way to do it but its a little crude.

which one?

Jason Kunst · ‎12-27-2018

Which one suits you. Did you look over the options?