Home > Cisco > Interface > Cisco Ise 13 User Guide

Cisco Ise 13 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Ise 13 User Guide. The Cisco manuals for Interface are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 361

    Page 361 Procedure Step 1ChoosePolicy>PolicyElements>Results>Authorization>AuthorizationProfiles. Step 2Createanauthorizationprofileusingthenameoftheportalthatyouwanttoauthorizeforuse. What to Do Next Youshouldcreateaportalauthorizationpolicyrulethatusesthenewlycreatedauthorizationprofile. Create Authorization Policy Rules for Hotspot and MDM Portals ToconfiguretheredirectionURLforaportaltousewhenrespondingtotheusers'(guests,sponsors,employees) accessrequests,defineanauthorizationpolicyruleforthatportal.... 
    Procedure
Step 1ChoosePolicy>PolicyElements>Results>Authorization>AuthorizationProfiles.
Step 2Createanauthorizationprofileusingthenameoftheportalthatyouwanttoauthorizeforuse.
What to Do Next
Youshouldcreateaportalauthorizationpolicyrulethatusesthenewlycreatedauthorizationprofile.
Create Authorization Policy Rules for Hotspot and MDM Portals
ToconfiguretheredirectionURLforaportaltousewhenrespondingtotheusers'(guests,sponsors,employees)
accessrequests,defineanauthorizationpolicyruleforthatportal....

    Page 362

    Page 362 Sponsor Portals TheSponsorportalisoneoftheprimarycomponentsofCiscoISEguestservices.UsingtheSponsorportal, sponsorscancreateandmanagetemporaryaccountsforauthorizedvisitorstosecurelyaccessthecorporate networkortheInternet.Aftercreatingaguestaccount,sponsorsalsocanusetheSponsorportaltoprovide accountdetailstotheguestbyprinting,emailing,ortexting.Beforeprovidingself-registeringguestsaccess tothecompanynetwork,sponsorsmayberequestedviaemailtoapprovetheirguests’accounts. Managing Guest Accounts on the Sponsor... 
    Sponsor Portals
TheSponsorportalisoneoftheprimarycomponentsofCiscoISEguestservices.UsingtheSponsorportal,
sponsorscancreateandmanagetemporaryaccountsforauthorizedvisitorstosecurelyaccessthecorporate
networkortheInternet.Aftercreatingaguestaccount,sponsorsalsocanusetheSponsorportaltoprovide
accountdetailstotheguestbyprinting,emailing,ortexting.Beforeprovidingself-registeringguestsaccess
tothecompanynetwork,sponsorsmayberequestedviaemailtoapprovetheirguests’accounts.
Managing Guest Accounts on the Sponsor...

    Page 363

    Page 363 requestfromtheguest.ASponsorwiththesameprivilegeswhologsontothesponsorportal,andsearches forthoseaccounts,cansendnotification. ThissteprequiresthattheFQDNthatyouconfiguredonthesponsorportal'sPortalBehaviorandFlow SettingspageisinyourDNSserver. •IntheAdminstratorsconsole,fromtheSponsorPortalconfigurationpage.ClickGuestAccess> Configure>SponsorPortals,openasponsorportal,andclickthePortalTestURLlinktotheright oftheDescriptionfield.... 
    requestfromtheguest.ASponsorwiththesameprivilegeswhologsontothesponsorportal,andsearches
forthoseaccounts,cansendnotification.
ThissteprequiresthattheFQDNthatyouconfiguredonthesponsorportal'sPortalBehaviorandFlow
SettingspageisinyourDNSserver.
•IntheAdminstratorsconsole,fromtheSponsorPortalconfigurationpage.ClickGuestAccess>
Configure>SponsorPortals,openasponsorportal,andclickthePortalTestURLlinktotheright
oftheDescriptionfield....

    Page 364

    Page 364 Related Topics SponsorPortals,onpage316 Create Sponsor Accounts and Assign to Sponsor Groups TocreateinternalsponsoruseraccountsandspecifythesponsorswhocanusetheSponsorportals: Procedure Step 1ChooseAdministration>IdentityManagement>Identities>Users.Assigntheinternalsponsoruser accounttotheappropriateuseridentitygroup. ThedefaultSponsorGroupshavethedefaultIdentityGroupGuest_Portal_Sequenceassignedto them. Note Step 2ChooseGuestAccess>Configure>SponsorGroups>Create,EditorDuplicateandclickMembers.... 
    Related Topics
SponsorPortals,onpage316
Create Sponsor Accounts and Assign to Sponsor Groups
TocreateinternalsponsoruseraccountsandspecifythesponsorswhocanusetheSponsorportals:
Procedure
Step 1ChooseAdministration>IdentityManagement>Identities>Users.Assigntheinternalsponsoruser
accounttotheappropriateuseridentitygroup.
ThedefaultSponsorGroupshavethedefaultIdentityGroupGuest_Portal_Sequenceassignedto
them.
Note
Step 2ChooseGuestAccess>Configure>SponsorGroups>Create,EditorDuplicateandclickMembers....

    Page 365

    Page 365 YoucanaddmorelocationstochoosefrombyclickingthelinkunderConfigureguestlocationsatand addingguestlocations.Afteryoucreateanewguestlocation,save,close,andreopenthesponsorgroupbefore youcanselectthatnewguestlocation. Thisdoesnotrestrictguestsfromlogginginfromotherlocations. Step 7UnderSponsorCanCreate,configureoptionsthatsponsorsinthisgrouphaveforcreatingguestaccounts. •Multipleguestaccountsassignedtospecificguests(Import)—Enablethesponsortocreatemultiple... 
    YoucanaddmorelocationstochoosefrombyclickingthelinkunderConfigureguestlocationsatand
addingguestlocations.Afteryoucreateanewguestlocation,save,close,andreopenthesponsorgroupbefore
youcanselectthatnewguestlocation.
Thisdoesnotrestrictguestsfromlogginginfromotherlocations.
Step 7UnderSponsorCanCreate,configureoptionsthatsponsorsinthisgrouphaveforcreatingguestaccounts.
•Multipleguestaccountsassignedtospecificguests(Import)—Enablethesponsortocreatemultiple...

    Page 366

    Page 366 Step 9UnderSponsorCan,youcanprovidemoreprivilegesrelatedtoguestpasswordsandaccountstothemembers ofthissponsorgroup. •Viewguests’passwords—Forguestaccountsthattheycanmanage,allowthesponsortoviewthe passwords. Iftheguesthaschangedthepassword,thesponsorcannolongerviewit;unlessitwasresetbythe sponsortoarandompasswordgeneratedbyCiscoISE. Ifthisoptionisdisabledforasponsorgroup,themembersofthatgroupcannotsendemailand SMSnotificationsregardingthelogincredentials(guestpassword)fortheguestaccountsthat theymanage.... 
    Step 9UnderSponsorCan,youcanprovidemoreprivilegesrelatedtoguestpasswordsandaccountstothemembers
ofthissponsorgroup.
•Viewguests’passwords—Forguestaccountsthattheycanmanage,allowthesponsortoviewthe
passwords.
Iftheguesthaschangedthepassword,thesponsorcannolongerviewit;unlessitwasresetbythe
sponsortoarandompasswordgeneratedbyCiscoISE.
Ifthisoptionisdisabledforasponsorgroup,themembersofthatgroupcannotsendemailand
SMSnotificationsregardingthelogincredentials(guestpassword)fortheguestaccountsthat
theymanage....

    Page 367

    Page 367 Configure Account Content for Sponsor Account Creation Youcanconfigurethetypeofuserdatathatyourguestsandsponsorsmustprovidetocreateanewguest account.SomefieldsarerequiredtoidentifyanISEaccount,butyoucaneliminateotherfields,andaddyour owncustomfields. ToconfigurefieldsforaccountcreationbySponsors: 1InISE,chooseWorkCenters>GuestAccess>Portals&Components>SponsorPortals,andedit yoursponsorportal 2SelectthePortalPageCustomizationtab. 3ScrolldownandselectCreateAccountforKnownGuests.... 
    Configure Account Content for Sponsor Account Creation
Youcanconfigurethetypeofuserdatathatyourguestsandsponsorsmustprovidetocreateanewguest
account.SomefieldsarerequiredtoidentifyanISEaccount,butyoucaneliminateotherfields,andaddyour
owncustomfields.
ToconfigurefieldsforaccountcreationbySponsors:
1InISE,chooseWorkCenters>GuestAccess>Portals&Components>SponsorPortals,andedit
yoursponsorportal
2SelectthePortalPageCustomizationtab.
3ScrolldownandselectCreateAccountforKnownGuests....

    Page 368

    Page 368 Enable Policy Services TosupporttheCiscoISEend-userwebportals,youmustenableportal-policyservicesonthenodeonwhich youwanttohostthem. Procedure Step 1ChooseAdministration>System>Deployment Step 2ClickthenodeandclickEdit. Step 3OntheGeneralSettingstab,checkPolicyService. Step 4ChecktheEnableSessionServicesoption. Step 5ClickSave. Add Certificates for Guest Services Ifyoudonotwanttousethedefaultcertificates,youcanaddavalidcertificateandassignittoacertificate... 
    Enable Policy Services
TosupporttheCiscoISEend-userwebportals,youmustenableportal-policyservicesonthenodeonwhich
youwanttohostthem.
Procedure
Step 1ChooseAdministration>System>Deployment
Step 2ClickthenodeandclickEdit.
Step 3OntheGeneralSettingstab,checkPolicyService.
Step 4ChecktheEnableSessionServicesoption.
Step 5ClickSave.
Add Certificates for Guest Services
Ifyoudonotwanttousethedefaultcertificates,youcanaddavalidcertificateandassignittoacertificate...

    Page 369

    Page 369 •ActiveDirectorytoconnecttoanActiveDirectoryasanexternalidentitysource(seeActiveDirectory asanExternalIdentitySource,onpage249formoredetails). •LDAPtoaddanLDAPidentitysource(seeLDAP,onpage271formoredetails). •RADIUSTokentoaddaRADIUSTokenserver(seeRADIUSTokenIdentitySources,onpage279 formoredetails). •RSASecurIDtoaddanRSASecurIDserver(seeRSAIdentitySources,onpage283formoredetails). Create Identity Source Sequences Before You Begin EnsurethatyouhaveconfiguredyourexternalidentitysourcesinCiscoISE.... 
    •ActiveDirectorytoconnecttoanActiveDirectoryasanexternalidentitysource(seeActiveDirectory
asanExternalIdentitySource,onpage249formoredetails).
•LDAPtoaddanLDAPidentitysource(seeLDAP,onpage271formoredetails).
•RADIUSTokentoaddaRADIUSTokenserver(seeRADIUSTokenIdentitySources,onpage279
formoredetails).
•RSASecurIDtoaddanRSASecurIDserver(seeRSAIdentitySources,onpage283formoredetails).
Create Identity Source Sequences
Before You Begin
EnsurethatyouhaveconfiguredyourexternalidentitysourcesinCiscoISE....

    Page 370

    Page 370 Create a Sponsor Portal YoucanprovideaSponsorportaltoenablesponsorstocreate,manage,andapproveaccountsforguestswho wanttoconnecttoyournetworktoaccesstheinternetandinternalresourcesandservices. CiscoISEprovidesyouwithadefaultSponsorportalthatyoucanusewithouthavingtocreateanotherone. However,youcancreateanewSponsorportal,oryoucaneditorduplicateanexistingone.Youcandelete anyoftheseportals,exceptthedefaultSponsorportal. AnychangesthatyoumaketothePageSettingsonthePortalBehaviorandFlowSettingstabarereflected... 
    Create a Sponsor Portal
YoucanprovideaSponsorportaltoenablesponsorstocreate,manage,andapproveaccountsforguestswho
wanttoconnecttoyournetworktoaccesstheinternetandinternalresourcesandservices.
CiscoISEprovidesyouwithadefaultSponsorportalthatyoucanusewithouthavingtocreateanotherone.
However,youcancreateanewSponsorportal,oryoucaneditorduplicateanexistingone.Youcandelete
anyoftheseportals,exceptthedefaultSponsorportal.
AnychangesthatyoumaketothePageSettingsonthePortalBehaviorandFlowSettingstabarereflected...
    Start reading Cisco Ise 13 User Guide

    Related Manuals for Cisco Ise 13 User Guide

    All Cisco manuals