Cisco Identity Services Engine Sponsor Portal User Guide, Release 1.1.x
Managing Guest Accounts
Downloads: This chapterpdf (PDF - 276.0KB) The complete bookPDF (PDF - 663.0KB) | Feedback

Table of Contents

Managing Guest Accounts

Creating a Single Guest Account

Creating Random Guest Accounts

Importing Guest Accounts

Editing an Existing Guest User Account

Deleting an Existing Guest User Account

Suspending a Guest User Account

Reinstating a Suspended Account

Viewing Guest Accounts and Resending Account Details

Managing Guest Accounts

 

You can create and manage guest user accounts to provide temporary network access for guests. If you have numerous guest user accounts whose account information is stored in an external database, you can import this information to expedite the account creation process.

This section covers the following topics:

Creating a Single Guest Account

You can create a single guest user accounts to provide network access to any guest. User account is created with a randomly generated password, based on the Password Policy that is set globally for the system.

Guest User Password Protection

Passwords can be viewed by the sponsor or admin, until such time that the guests change their passwords. After a guest changes their password, asterisks (*****) replace the password in the Password field hiding it from view.


Note If a guest user forgets their customized password, you must create a new guest account for that user. Currently, resetting a customized password is not supported.


To create a single guest user account, complete the following steps:


Step 1 Log in to the Sponsor portal.

Step 2 Click Create Single Guest Account , from the Home page

The Create Guest Account dialog box appears. See Figure 2-1.

Figure 2-1 Create Guest Account Dialog Box

 

Step 3 Enter the values as described in Table 2-1 .

Step 4 Click Submit .

The Successfully Created Guest Account screen appears with the Guest details and the system-generated username and password for the guest account. Do one of the following:

a. Choose the notification form by clicking Print, Email, or SMS. Depending on the privileges given to the sponsor group by your network administrator in the Cisco ISE Admin portal, you may or may not get these notification buttons.

b. Click Create Another Account to create more guest user accounts.

c. Click View All Accounts to view a list of all the guest user accounts created.

Initially, when you create a guest user account, the status that is shown for that account is Awaiting Initial Login. After the guest logs in with the given user name and password, and accepts the Use Policy, the status changes to Active.

After you create a guest user, the logs are stored in the guest sponsor summary report.


Note The fields on this screen may be made Mandatory, Optional, or Not Used as configured by your network administrator in the Cisco ISE Admin portal. All fields might not appear on the page, depending on the configurations that your network administrator made.



 

 

Table 2-1 Description of Fields Available in the Create Single Guest Account Dialog Box

Option
Description

First Name

First name of the guest user; maximum length is 24 characters.

Last Name

Last name of the guest user; maximum length is 24 characters.

Email Address

A valid email address of the guest user; maximum length is 48 characters.

For example, username@domain.com.

The Cisco ISE sends the login credentials to this email address if the guest user chooses to be notified through email.

To notify guest users through email, your Cisco ISE administrator must set appropriate authorization levels while creating sponsor groups. Contact your administrator if you need additional assistance with this feature.

Company

Maximum length is 24 characters.

Phone Number

A valid phone number of the guest user.

The Cisco ISE sends the login credentials to this telephone number if the guest user chooses to be notified through SMS.

Optional Data 1 through 5

Add any additional information that you want to enter about the guest user.

Group Role

Assign a group role for the guest user. Group role is the Identity Group that is to be assigned to the guest user. This Identity Group is used in authorization policies to map the guest users to their appropriate network access privileges.

Time Profile

Assign a time profile for the guest user.

Timezone

Set a time zone under which you want to keep the guest user.

Language Template for Email/SMS Notifications

Choose the language template to be used for sending Email or SMS notification.


Note Guest objects use internal dates in UTC timezone. As a result, all dates and time will appear in UTC time when logged in audit logs.



Note When the primary Administration ISE node is down, you cannot create new guest user accounts. During this time, the guest and sponsor portals provide read-only access to the existing guest and sponsor users respectively. Also, a sponsor admin who has never logged into the sponsor portal before the primary Administration ISE node went offline, can not login to the sponsor portal until a secondary Administration ISE node is promoted or the primary Administration ISE node becomes available."


Related Topics

Creating Random Guest Accounts

You can create up to 10,000 random guest accounts in advance, record the details separately, and store them in the system for future use. An example of random accounts usage could be a lobby ambassador who hands out guest user access accounts from a predefined list.

Random accounts are created with randomly generated usernames and passwords. You can add a username prefix to each account name. The remainder of the username and generation of the password follow the username and password policies that are set by your network administrator in the Cisco ISE Admin portal.

Guest User Password Protection

Randomly generated passwords can be viewed by the sponsor or admin, until such time that the guests change their passwords. After a guest changes their password, asterisks (*****) replace the password in the Password field hiding it from view.


Note If a guest user forgets their customized password, you must create a new guest account for that user. Currently, resetting a customized password is not supported.


To create a random guest account, complete the following steps:


Step 1 Log into the Sponsor portal.

Step 2 Click Create Random Guest Account.

A dialog box appears.

Step 3 Enter the values as described in Table 2-2 in the dialog box.

Step 4 Click Submit .

The Current Guests listing page is displayed with the list of newly created guest accounts.


 

Table 2-2 describes the fields that are available in the Create Random Guest Account dialog box.

 

Table 2-2 Description of Options Available in the Create Random Guest Account Dialog Box

Option
Description

Number of Random Accounts to Create

The number of random accounts that you want to create.

Username Prefix

A username prefix to be added to the randomly generated username.

Group Role

Assign a group role for the guest user. Group role is the Identity Group to be assigned to the guest user. This Identity Group is used in authorization policies to map the guest users to their appropriate network access privileges.

Time Profile

Assign a time profile for the guest user.

Timezone

Set a time zone under which you want to keep the guest users.

Related Topics

Importing Guest Accounts

To create numerous guest user accounts whose account information is stored in an external database, you can use the Import Guest Accounts feature to import the details. Upload a .csv file to the sponsor portal. The sponsor portal parses the information in the .csv file and creates new guest user account for each entry in the file.

To import a .csv file, complete the following steps:


Step 1 Log into the Sponsor portal.

Step 2 Click Import Accounts under Account Management.

The Import Accounts dialog box appears.

Step 3 Enter the values as described in Table 2-3 in the dialog box.

Step 4 Click Import .


 

Table 2-3 describes the fields that are available in the Import Guest Account dialog box.

 

Table 2-3 Description of Options Available in the Import Guest Account Dialog Box

Option
Description

File

Click Browse to choose and upload the .csv file to the sponsor portal.

Group Role

Assign a group role for the guest user. Group role is the Identity Group to be assigned to the guest user. This Identity Group is used in authorization policies to map the guest users to their appropriate network access privileges.

Time Profile

Assign a time profile for the guest user.

Timezone

Set a time zone under which you want to keep the guest users.

Language Template for Email/SMS Notifications

Choose the language template to be used for sending Email or SMS notification.

Download Import File Template

Downloads a template that describes the format for the .csv file.

The import process creates as many guest accounts as there are entries in the .csv file. If there is an error in any entry, that entry is omitted and the remaining entries are imported.

Related Topics

Editing an Existing Guest User Account

This section shows you how to edit an existing guest user account.

To edit an existing guest user account, complete the following steps:


Step 1 Log into the sponsor portal.

Step 2 Click View All Guest User Accounts to go to the Guest User Accounts List page.

Step 3 Click the guest account name that you want to modify, or check the check box next to the name and click Edit .

The Edit Guest User page appears.

Step 4 Modify the values as described in Table 2-1 .

Status displays the current status of the guest user account.

Step 5 Check the Suspend check box if you want to suspend a guest user account.

Step 6 Click Submit .


 

Related Topics

Deleting an Existing Guest User Account

This section shows you how to delete an existing guest user account.

To delete an existing guest user account, complete the following steps:


Step 1 Log into the sponsor portal.

Step 2 Click View All Guest User Accounts to go to the Guest User Accounts List page.

Step 3 Check the check box next to the guest user name and click Delete .


 

Related Topics

Suspending a Guest User Account

This section shows you how to suspend a guest user account.

To suspend a guest user account, complete the following steps:


Step 1 Log into the sponsor portal.

Step 2 Click View All Guest User Accounts to go to the Guest User Accounts List page.

Step 3 Check the check box next to the guest user name and click Suspend .


 

Related Topics

Reinstating a Suspended Account

This section shows you how to reinstate a suspended guest user account.

To reinstate a suspended guest user account, complete the following steps:


Step 1 Log into the sponsor portal.

Step 2 Click View All Guest User Accounts to go to the Guest User Accounts List page.

Step 3 Check the check box next to the guest user name and click Reinstate .


 

Related Topics

Viewing Guest Accounts and Resending Account Details

All the guest user accounts that you created appear on the Guest User Accounts List page. This page allows you to view, print, or email the account access details to guests if they have lost or forgotten them.

The guest accounts might display the following status:

  • Active—When an account is being used by the guest user.
  • Suspended—When an account has been suspended by a sponsor user.
  • Awaiting Initial Login—When the guest user has not yet logged in for the first time.
  • Expired—When an account has expired following the expiration of the valid time defined by the time profile for that account.

This page also allows you to edit, delete, reinstate, or suspend a guest account as shown in Figure 2-2.

Depending on the privileges set for the sponsor group that you belong to, you may or may not have permission to perform some of the following actions. See Sponsor Groups for more details.

The following actions can be performed from the Guest User Accounts List page:

  • Create—To create a new guest user account.
  • Edit—To edit an existing guest account. Click the guest account name that you want to modify, or check the check box next to the name and click Edit.
  • Delete—To delete an existing account. Check the check box next to the name and click Delete.
  • Reinstate—To reactivate a suspended account. Check the check box next to the name and click Reinstate.
  • Suspend—To suspend a guest user account. Check the check box next to the name and click Suspend.
  • Print—To print the account details of an existing account. Check the check box next to the name and click Print. This button is available only if Allow Printing Guest Details option is set to Yes in Authorization Levels while creating the Sponsor Group.
  • Email—To send mail with the account details to the guest. Check the check box next to the name and click Email. This button is available only if Send Email option is set to Yes in Authorization Levels while creating the Sponsor Group. Contact your administrator if this feature is not available to you.

To send the guest’s account details by email, the Cisco ISE administrator must first setup an email server. Contact your administrator if this feature is not available to you.

  • SMS—To send SMS with the account details to the guest. Check the check box next to the name and click SMS . This button is available only if Send SMS option is set to Yes in Authorization Levels while creating the Sponsor Group.
  • Filter—To filter and search the existing guest accounts based on the username, firstname, lastname, or email address.
  • Display records per page—To set the numbers of records to be displayed per page, choose the record limit from the list available and click Go . The available denominations are 10, 25, 50, 100, and 200.
  • Page Navigation—On existence of more records that cannot be accommodated in a single page, the records are displayed in multiple pages. Table 2-4 describes the icons that are used for page navigation.

 

Table 2-4 Page Navigation Icons

Icon
Description

 

To view the next page

 

To view the previous page

 

To view the last page

 

To view the first page

Figure 2-2 Guest Users Listing Page