Cisco Identity Services Engine User Guide, Release 1.2
Customizing the End-User Web Portals
Downloads: This chapterpdf (PDF - 238.0KB) The complete bookPDF (PDF - 9.66MB) | Feedback

Table of Contents

Setting Up and Customizing End-User Web Portals

Available End-User Portals

End-User Portals in Distributed Environment

Enabling Policy Services for End-User Portals

Specifying Ports and Ethernet Interfaces for End-User Portals

Tips for Assigning Ports and Ethernet Interfaces

Specifying the Fully Qualified Domain Name for Sponsor and My Devices Portals

Customizing the Portal Language, Text, and Error Messages

Adding a Custom Language Template

Customizing Portal UI Fields and Error Messages

Customizing the Web Portal Images and Color Scheme

Displaying Banner Messages to Users When Logging In or Out of Portals

Enabling Banner Messages

Customizing the Sponsor Portal Banner Messages

Customizing the My Devices Portal Banner Messages

Customizing the Guest Portal Login Banner Message

Available End-User Portals

Cisco ISE provides web-based portals for three primary sets of end users:

  • Guests who need to temporarily access your enterprise network using the Guest portal
  • Employees who are designated as sponsors who can create and manage guest accounts using the Sponsor portal.
  • Employees who are using their personal devices on the enterprise network using the My Devices portal

Related Topics

End-User Portals in Distributed Environment

The end-user portals depend on the Administration, Policy Services, and Monitoring personas to provide configuration, session support, and reporting functionality.

Administration Node

Any configuration changes you make to users or devices on the end-user portals are written to the Administration node. If the primary Administration node fails, you can log into the end-user portals, but you cannot create, edit, or delete users or devices until the primary node comes back up or you promote the secondary node.

Policy Services Node

You must run the end-user portals on a Policy Services node, which handles all session traffic, including: network access, client provisioning, guest services, posture, and profiling. If the Policy Service node is part of a node group, and the node fails, the other nodes detect the failure and reset any pending sessions.

Monitoring Node

The Monitoring node collects, aggregates, and reports data about the end user and device activity on the My Devices, Sponsor, and Guest portals. If the primary Monitoring node fails, the secondary Monitoring node automatically becomes the primary Monitoring node.

Related Topics

Enabling Policy Services for End-User Portals

To support the end-user portals, you must enable portal-policy services on the node on which you want to host them.


Step 1 Choose Administration > System > Deployment .

Step 2 Click the node and click Edit .

Step 3 On the General Settings tab, check Policy Service .

Step 4 Check the Enable Session Services option.

Step 5 Click Save .


 

Specifying Ports and Ethernet Interfaces for End-User Portals

You can specify the port used for each web portal allowing you to use different ports for the end-user portals: Sponsor, Guest (and Client Provisioning), My Devices, and Blacklist portals. The Client Provisioning portal uses ports 8905 and 8909 for posture assessments and remediation, which you cannot change. Otherwise, it uses the same ports assigned to the Guest portal.

You can also partition portal traffic to specific Gigabit Ethernet interfaces. For example, you might not want the Admin portal (which always uses GigabitEthernet 0) available on the same network as guest users or employee devices.


Step 1 Choose Administration > Web Portal Management > Settings > General > Ports .

Step 2 Enter the port value in the HTTPS Port field for each portal. By default, the Sponsor, Guest, My Devices portals use 8443, and the Blacklist portal uses port 8444.

Step 3 Check the Gigabit Ethernet interfaces you want to enable for each portal.

Step 4 Click Save .

If you have changed the port settings, all nodes (Administration, Policy Services, and Monitoring) restart automatically, which may take several minutes to complete.


 

Related Topics

Tips for Assigning Ports and Ethernet Interfaces

Refer to these guidelines to help you decide how best to assign ports and Ethernet interfaces to the end-user portals:

  • All port assignments must be between 8000-8999. This port range restriction is new in Cisco ISE 1.2. If you upgraded with port values outside this range, they are honored until you make any change to this page. If you make any change to this page, you must update the port setting to comply with this restriction.
  • You must assign the Blacklist portal to use a different port than the other end-user portals.
  • Any portals assigned to the same HTTPS port also use the same Ethernet interfaces. For example, if you assign both the Sponsor and My Devices portals to port 8443, and you disable GigabitEthernet 0 on the Sponsor portal, that interface is also automatically disabled for the My Devices portal.
  • You must configure the Ethernet interfaces using IP addresses on different subnets.

Specifying the Fully Qualified Domain Name for Sponsor and My Devices Portals

You can set the Sponsor and My Devices portals to use an easy-to-remember fully-qualified domain names (FQDN), such as: mydevices.companyname.com or sponsor.companyname.com. Alternatively, Cisco ISE also supports wildcard certificates to address certificate name mismatch issues.

You must configure DNS to resolve to at least one policy services node. If you have more than one policy services node that will provide portal services, you should configure high availability for the portal. For example, you could use a load balancer or DNS round-robin services.

Before You Begin

You must also update DNS to ensure the FQDN of the new URL resolves to a valid policy service node IP address. Additionally, to avoid certificate warning messages due to name mismatches, you should also include the FQDN of the customized URL in the subject alternative name (SAN) attribute of the local server certificate of the Cisco ISE policy service node.


Step 1 Choose Administration > Web Portal Management > Settings > General > Ports .

Step 2 Scroll to the Portal FQDNs section, and check the appropriate setting:

    • Default Sponsor Portal FQDN
    • Default My Devices Portal FQDN

Step 3 Enter a fully qualified domain name.

Step 4 Click Save , and all nodes (Administration, Policy Services, and Monitoring) restart automatically, which may take several hours to complete.

Step 5 Configure the network DNS server so that it resolves the FQDN to the Sponsor or My Devices portal nodes.


 

Related Topics

Customizing the Portal Language, Text, and Error Messages

The Sponsor, Guest, and My Devices portals can be set to display in any of the languages supported by Cisco ISE. If you need to support additional languages, you can create custom templates.

You can further customize the language display for each portal by modifying the UI text and error messages used by each portal.

Related Topics

Cisco ISE Internationalization and Localization

Adding a Custom Language Template

If you want to support any additional languages, you can create a custom language template. Each language template must use a unique browser locale mapping.


Step 1 Choose Administration > Web Portal Management > Settings > Guest , Sponsor , or My Devices > Language Template .

Step 2 Click Add to create a new language template.

Step 3 Enter a unique Name and Description for the language template, followed by a valid Browser Locale Mapping .

Step 4 Update the text strings in each section with localized content.

Step 5 Click Save .


 

Related Topics

Customizing Portal UI Fields and Error Messages

You can fully customize the text and error messages used by the Guest, Sponsor, and My Devices portals. The Guest portal customizations also include the fields used by the Self-Provisioning portal and the Mobile Device Management (MDM) enrollment and compliance pages.


Step 1 Choose Administration > Web Portal Management > Settings > Guest , Sponsor , or My Devices > Language Template .

Step 2 Choose one of the languages from the list.

Step 3 Update the text strings in each section with localized content.

Step 4 Click Save .


 

Related Topics

Customizing the Web Portal Images and Color Scheme

You can customize the look-and-feel of the end-user portals by uploading your company’s logos, background images, or color schemes. These changes apply to the My Devices, Sponsor, and Guest portals, but you can assign different images and colors to the mobile Guest portal.

These settings allow you to change the appearance of the portals without having to upload customized HTML files to the Cisco ISE server. However, if you want to create themes unique to specific Guest portals, you must upload your custom HTML files instead.


Step 1 Choose Administration > Web Portal Management > Settings > General > Portal Theme .

Step 2 Upload the graphics and change the color settings in the Style Settings section to customize the standard portals.

Step 3 Upload the graphics and change the color settings in the Mobile Device Style Settings to customize the Guest mobile portal.

Step 4 Click Save .


 

Related Topics

Displaying Banner Messages to Users When Logging In or Out of Portals

You can display messages to users when they log into one of the end-user portals. The pre-login banner displays on the login page for each portal. The post-login banner displays briefly for about 15 seconds on the bottom right side of the Sponsor and My Devices portals, and it does not apply to the Guest portal. You can customize the displayed text for each portal individually.

Enabling Banner Messages

If you want to display messages to users before or after they log into one of the end-user portals, you need to enable them. This option enables the setting on each portal, but you can then customize the displayed text specifically for each portal.


Step 1 Choose Administration > Web Portal Management > Settings > General > Portal Theme .

Step 2 Check the Display pre-login banner and Display post-login banner options enable the banners.


 

Related Topics

Customizing the Sponsor Portal Banner Messages

You can customize the text that displays to sponsor users before and after logging into the Sponsor portal.


Step 1 Choose Administration > Web Portal Management > Settings > Sponsor > Language Template .

Step 2 Click the language, such as English.

Step 3 Click Configure Common Items and update the Pre-Login Banner Text and Post-Login Banner Text fields.

Step 4 Click Save .


 

Related Topics

Customizing the My Devices Portal Banner Messages

You can customize the text that displays to employees before and after logging into the My Devices portal.


Step 1 Choose Administration > Web Portal Management > Settings > My Devices> Language Template .

Step 2 Click the language, such as English.

Step 3 Click Configure Login Page and update the Pre-Login Banner Text and Post-Login Banner Text fields.

Step 4 Click Save .


 

Related Topics

Customizing the Guest Portal Login Banner Message

You can customize the text that displays to guests before logging into the Guest portal.


Step 1 Choose Administration > Web Portal Management > Settings > Guest > Language Template .

Step 2 Click the language, such as English.

Step 3 Click Configure Login Page and update the Pre-Login Banner Text fields.

Step 4 Click Save .


 

Related Topics