Guest Type Name
|
Provide a name (from 1 to 256 characters) that distinguishes this Guest Type from the default Guest Types and others that
you create.
|
Description
|
Provide additional information (maximum of 2000 characters) about the recommended use of this Guest Type, for example, use
for self-registering guests, Do not use for guest account creation, and so on.
|
Language File
|
Export or import the language file to use for portals using this Guest Type. |
Collect Additional Data
|
Select custom fields to collect additional information from guests.
To view this window, click the Menu icon ( ) and choose
.
|
Maximum Access Time—Account Duration Starts
|
From First Login: The account start time starts when the guest user first logs in to the guest portal, and the end time equals the specified
duration time. If the guest user never logs in, the account remains in the Awaiting First login state until the account is
removed by the Guest Account Purge Policy. Self-registered and Sponsor-created user accounts start when they create their
acoounts and log in to them.
Note
|
If you choose Allow access only on these days and times, the location is used to establish context of these times. If you do not want From First Login access to be based on location, do not set days and times for access.
|
From sponsor-specified date: Specify the maximum number of days, from 1 to 999, hours or minutes, that guests of this Guest Type can access and stay
connected to the network.
If you change this setting, your changes will not apply to existing guest accounts created using this Guest Type.
|
Allow Access only on these Days and Times
|
Enter the time range and select the days of the week to specify when this Guest Type can access the network. If this Guest
Type remains connected outside these time parameters, they will be logged out. The time ranges are related to the time zones
defined by the locations assigned to the guests using this Guest Type.
Click + or - for adding or deleting restricted access times.
|
Configure Guest Account Purge Policy
|
You can schedule an endpoint purge job. The endpoint purge schedule is enabled by default and Cisco ISE deletes endpoints
that are older than 30 days. See
Endpoints Purge Settings for more information.
|
Login Options—Maximum simultaneous logins
|
Enter the maximum number of user sessions that this Guest Type can have running concurrently.
|
When Guest Exceeds Limit
|
When you select Maximum simultaneous logins, you must also select the action to take when a user connects after that limit is reached.
When the guest exceeds limit:
|
Maximum Devices Guests can Register
|
Enter the maximum number of devices that can be registered to each guest. You can set the limit to a number lower than what
is already registered for the guests of this Guest Type. This will only affect newly created guest accounts.
When guest users reach the maximum number of devices they can register, they view a notification that informs them that they
can proceed in one of the following ways:
-
Select a registered device to remove from their device list and then add a new device.
-
Proceed with registering a new device. In this scenario, the oldest registered device on their list is automatically deregistered.
|
Assign Endpoint Identity Groups for Guest Devices
|
You must assign endpoint identity groups for guest device registration workflows.
Click the corresponding radio button to assign a Standard endpoint identity group or a Dynamic endpoint identity group respectively:
-
Standard: From the identitygroup drop-down list, choose the required endpoint identity group.
-
Dynamic: You can only assign LDAP user groups through the dynamic option.
If a user belongs to multiple user groups, Cisco ISE checks the following list sequentially and proceeds with the first user
group (with its configured identity group) that the user matches with.
-
From the User Group drop-down list, choose the required LDAP user group.
-
From the Identity Group drop-down list, choose the required endpoint identity group.
|
Allow Guest to bypass the Guest portal
|
Allows users to bypass the credentialed Guest captive portal (web authentication page) and access the network by providing
credentials to wired and wireless (dot1x) supplicants or VPN clients. Guest accounts go to Active state bypassing the Awaiting
Initial Login state and the AUP page, even if it is required.
If you do not enable this setting, users must first log in through the credentialed Guest captive portal before they will
be able to access other parts of the network.
|
Account Expiration Notification—Send account expiration notification __ days before account expires
|
Send a notification to Guests before their account expires and specify how many days, hours or minutes in advance of the expiration.
|
View messages in
|
Specify the language to use when displaying email or SMS notifications as you set them up.
|
Email
|
Select email as the method used for account expiry notification.
|
Use customization from
|
Select email customization from another portal.
|
Messages
|
Enter the text to use for account expiry notification.
|
Copy text from
|
Reuse email text that you created for another Guest Type for account expiry notification.
|
Send test email to me at
|
Ensure that the email notification displays as it should by sending it to your email address.
|
SMS
|
Select text (SMS) as the method used for account expiry notification.
|
Messages
|
Enter the text to use for account expiry notification.
|
Copy text from
|
Reuse text messages that you created for another Guest Type.
|
Send test SMS to me at
|
Ensure that the text notification displays as it should by sending it to your cell phone.
|
These sponsor groups can create this guest type
|
Select which sponsor groups can create Guest accounts with this Guest Type.
If you want to disable use of this Guest Type, do not assign it to any sponsor group. If you want to discontinue use of this
Guest Type, delete the sponsor groups listed.
|