Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4310
Views
1
Helpful
7
Replies

Periodic AUP Acceptance - less than 8 hours?

Go to solution
danbates
Cisco Employee
Cisco Employee

‎06-28-2016 07:24 AM

Hello,

I understand that I can use the Endpoint:LastAUPAcceptanceHours authorization condition to create a rule redirecting Guest users to a portal to re-sign an AUP when the AUP period has expired.  The Cisco ISE Administrator Guide, Release 2.1, gives the usable range of this AUP period as 8 to 999 hours.  Is it possible to reduce this time in order to require Guest users to re-establish their session as often as every 30 minutes?

Documentation source: Cisco Identity Services Engine Administrator Guide, Release 2.1  - Configure Guest Access [Cisco Identity Services Engin…

1 Accepted Solution

Accepted Solutions

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎06-28-2016 08:13 AM

Please explain your use case and what you need want to do

Enhancement open to allow as low as 1 hour.


CSCuy24899 - Decrease the minimum value for LastAUPAcceptance check

ISE 1.4 Patch8

ISE 2.0 Patch4

ISE 2.0.1 Patch1

ISE 2.1 Patch2

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee

‎06-28-2016 07:52 AM

Daniel,

I don't believe so but maybe jakunst knows of a trick around it.

Regards,

-Tim

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎06-28-2016 08:13 AM

Please explain your use case and what you need want to do

Enhancement open to allow as low as 1 hour.


CSCuy24899 - Decrease the minimum value for LastAUPAcceptance check

ISE 1.4 Patch8

ISE 2.0 Patch4

ISE 2.0.1 Patch1

ISE 2.1 Patch2

0 Helpful

Go to solution
danbates
Cisco Employee
Cisco Employee
In response to Jason Kunst

‎06-28-2016 08:53 AM

Hi Jason,

I have a customer who wants to limit hotspot guest access to 30 minutes per session, and when the session expires, have the guests re-authenticate through the hotspot AUP page.

0 Helpful

Go to solution
gbekmezi-DD
Level 5
Level 5
In response to danbates

‎06-28-2016 05:00 PM

Why not require AUP on every login then and set session timeout via authz profile to 30 minutes? Would that work?

Warning: I either dictated this to my device, or typed it with my thumbs. Erroneous words are a feature, not a typo.

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to gbekmezi-DD

‎06-28-2016 05:25 PM

Not sure how that would work as endpoint is still registered and authorization is based off endpoint group and not hitting a portal until removed from that page.. Don't see this working

0 Helpful

Go to solution
gbekmezi-DD
Level 5
Level 5
In response to Jason Kunst

‎06-28-2016 09:30 PM

Of course you are right for a hotspot portal Jason. But, could they use a traditional guest portal, hide the username and password fields (prepopulate via script) and then require the AUP to be accepted?

George

Preview file
49 KB
0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to gbekmezi-DD

‎06-29-2016 04:39 AM

Yes but then you're contemplating things, if 1 hour will work I would rather not get into that

0 Helpful
Customers Also Viewed These Support Documents