Cisco Ise 13 User Guide
Have a look at the manual Cisco Ise 13 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
Usage GuidelinesField Changethenumberofdayssincetheregistrationof auser'sdevicebeforeitispurgedfromtheCiscoISE database.Purgingisdoneonadailybasisandthe purgeactivityissynchronizedwiththeoverallpurge timing.Thechangeisappliedgloballyforthis endpointidentitygroup. IfchangesaremadetotheEndpointPurgePolicy basedonotherpolicyconditions,thissettingisno longeravailableforuse. Purgeendpointsinthisidentitygroupwhentheyreach __daysold AllowsuserstobypassthecredentialedGuestcaptive portal(webauthenticationpage)andaccessthe networkbyprovidingcredentialstowiredand wireless(dot1x)supplicantsorVPNclients.Guest accountsgotoActivestatebypassingtheAwaiting InitialLoginstateandtheAUPpage,evenifitis required. Ifyoudonotenablethissetting,usersmustfirstlog inthroughthecredentialedGuestcaptiveportalbefore theywillbeabletoaccessotherpartsofthenetwork. AllowguesttobypasstheGuestportal SendanotificationtoGuestsbeforetheiraccount expiresandspecifyhowmanydays,hoursorminutes inadvanceoftheexpiration. Sendaccountexpirationnotification__daysbefore accountexpires Specifythelanguagetousewhendisplayingemail orSMSnotificationsasyousetthemup. Viewmessagesin Selectemailasthemethodusedforaccountexpiry notification. Email Selectemailcustomizationfromanotherportal.Usecustomizationfrom Enterthethetexttouseforaccountexpiry notification. Messages ReuseemailtextthatyoucreatedforanotherGuest Typeforaccountexpirynotification. Copytextfrom Ensurethattheemailnotificationdisplaysasitshould bysendingittoyouremailaddress. Sendtestemailtomeat Selecttext(SMS)asthemethodusedforaccount expirynotification. SMS Enterthethetexttouseforaccountexpiry notification. Messages Cisco Identity Services Engine Administrator Guide, Release 1.3 795 Global Settings
Usage GuidelinesField Reusetextmessagesthatyoucreatedforanother GuestType. Copytextfrom Ensurethatthetextnotificationdisplaysasitshould bysendingittoyourcellphone. SendtestSMStomeat SelectwhichsponsorgroupscancreateGuest accountswiththisGuestType. IfyouwanttodisableuseofthisGuestType,donot assignittoanysponsorgroup.Ifyouwantto discontinueuseofthisGuestType,deletethesponsor groupslisted. Thesesponsorgroupscancreatethisguesttype Sponsor Group Settings ThenavigationpathforthesesettingsisGuestAccess>Configure>SponsorGroups.Usethesesettings toaddmemberstothesponsorgroup,defineguesttypesandlocationprivileges,andsetpermissionsrelated tocreatingandmanagingguestaccounts. •DisableSponsorGroup—DisablemembersofthissponsorgroupfromaccessingtheSponsorportal. Forinstance,youmaywanttotemporarilypreventsponsorsfromloggingintotheSponsorportalwhile configurationchangesarebeingmadeintheAdminportal.Or,youmaywanttodisableasponsorgroup thatisinvolvedininfrequentactivity,suchassponsoringguestsforanannualconvention,untilthetime theyneedtobeactivatedagain. •Sponsorgroupname—Enterauniquename(from1to256characters). •Description —Includeusefulinformation(maximumof2000characters)suchastheguesttypesusedbythissponsor group. •Members—ClicktodisplaytheSelectSponsorGroupMembersbox,whereyoucanselectavailable useridentitygroups(frominternalandexternalidentitystores)andaddthemasmembersofthissponsor group. •SponsorGroupMembers—Searchandfilterthelistofselectedsponsorgroupsanddeleteanygroups youdonotwanttoinclude. •Thissponsorgroupcancreateaccountsusingtheseguesttypes—Specifytheguesttypesthatthe membersinthissponsorgroupcanusewhencreatingguestaccounts.Forasponsorgrouptobeenabled, itmusthaveatleastoneguesttypethatitcanuse. Ifyouassignonlyoneguesttypetothissponsorgroup,youcanchoosenottodisplayitintheSponsor portalsinceitistheonlyvalidguesttypeavailableforuse.ChooseGuestAccess>Configure>Sponsor Portal>PageCustomization>CreateAccounts>GuestTypes>Settings.CheckHideguesttype ifonlyoneisavailabletosponsortoenablethisoption. •ConfigureGuestTypes Cisco Identity Services Engine Administrator Guide, Release 1.3 796 Global Settings
—Iftheguesttypeyouneedisnotavailable,clickGuestAccess>Configure>GuestTypesandcreate anewguesttypeoreditanexistingone. •Selectthelocationsthatguestswillbevisiting—Selectthevariouslocationssponsorsinthisgroup canassigntoguestswhencreatingtheiraccounts.Thishelpsdefinethevalidtimezonesfortheseguest accountsandspecifiesallthetimeparametersthatapplytotheguest,suchasvalidaccesstimes,andso on.Thisdoesnotpreventguestsfromconnectingtothenetworkfromotherlocations. Forasponsorgrouptobeenabled,itmusthaveatleastonelocationthatitcanuse. Ifyouassignonlyonelocationtothissponsorgroup,thatistheonlyvalidtimezonefortheguest accountscreatedbyitsmembers.Bydefault,itdoesnotdisplayintheSponsorportal. Sponsor Can Create •Multipleguestaccountsassignedtospecificguests(Import)—Enablethesponsortocreatemultiple guestaccountsbyimportingguestdetailssuchasfirstnameandlastnamefromafile. Ifthisoptionisenabled,theImportbuttondisplaysontheCreateAccountspageoftheSponsorportal. TheImportoptionisonlyavailableondesktopbrowsers(notmobile),suchasInternetExplorer,Firefox, Safari,andsoforth •Limittobatchof—Ifthissponsorgroupisallowedtocreatemultipleaccountssimultaneously,specify thenumberofguestaccountsthatcanbecreatedinasingleimportoperation. Althoughasponsorcancreateamaximumof10,000accounts,werecommendthatyoulimitthenumber ofaccountsyoucreate,duetopotentialperformanceissues. •Multipleguestaccountstobeassignedtoanyguests(Random)—Enablethesponsortocreatemultiple randomguestaccountsasplaceholdersforguestswhoarenotknownasyet,ortocreatemanyaccounts quickly. Ifthisoptionisenabled,theRandombuttondisplaysontheCreateAccountspageoftheSponsor portal. •Defaultusernameprefix—Specifyausernameprefixthatsponsorscanusewhencreatingmultiple randomguestaccounts.Ifspecified,thisprefixappearsintheSponsorPortalwhencreatingrandom guestaccounts.Inaddition,ifAllowsponsortospecifyausernameprefixis: ◦Enabled—ThesponsorcaneditthedefaultprefixintheSponsorportal. ◦Notenabled—ThesponsorcannoteditthedefaultprefixintheSponsorportal. Ifyoudonotspecifyausernameprefixorallowthesponsortospecifyone,thenthesponsorwillnot beabletoassignusernameprefixesintheSponsorportal. •Allowsponsortospecifyausernameprefix—Ifthissponsorgroupisallowedtocreatemultiple accountssimultaneously,specifythenumberofguestaccountsthatcanbecreatedinasingleimport operation. Althoughasponsorcancreateamaximumof10,000accounts,werecommendthatyoulimitthenumber ofaccountsyoucreate,duetopotentialperformanceissues. •Startdatecanbenomorethan__daysintothefuture—Enableandspecifythenumberofdays withinwhichsponsorshavetosetasthestartdateforthemultipleguestaccountstheyhavecreated. Cisco Identity Services Engine Administrator Guide, Release 1.3 797 Global Settings
Sponsor Can Manage •Onlyaccountssponsorhascreated—Sponsorsinthisgroupcanviewandmanageonlytheguest accountsthattheyhavecreated,whichisbasedontheSponsor’semailaccount. •Accountscreatedbymembersofthissponsorgroup—Sponsorsinthisgroupcanviewandmanage theguestaccountscreatedbyanysponsorinthissponsorgroup. •Allguestaccounts—Sponsorsviewandmanageallpendingguestaccounts. Regardlessofthegroupmembership,allsponsorscanseeallpendingaccounts,unlessyoucheckApprove andviewrequestsfromself-registeringguestswiththeoptionOnlypendingaccountsassignedto thissponsorunderSponsorCan. Note Sponsor Can •Viewguests’passwords—Forguestaccountsthattheycanmanage,allowthesponsortoviewthe passwords. Iftheguestpasswordwaschanged,thesponsorcannolongerviewit;unlessthesponsorresetthe passwordtoarandompasswordgeneratedbyCiscoISE. Ifthisoptionisdisabledforasponsorgroup,themembersofthatgroupcannotsend emailandSMSnotificationsregardingthelogincredentials(guestpassword)forthe guestaccountsthattheymanage. Note •Resetguestaccountpasswords—Forguestaccountsthattheycanmanage,allowthesponsortoreset passwordsforgueststoarandompasswordgeneratedbyCiscoISE. •Extendguests’accounts—Forguestaccountsthattheycanmanage,allowthesponsortoextendthem beyondtheirexpirationdate.Thesponsorisautomaticallycopiedonemailnotificationssenttoguests regardingtheiraccountexpiration. •SendSMSnotificationswithguests’credentials—Forguestaccountsthattheycanmanage,allowthe sponsortosendSMS(text)notificationstoguestswiththeiraccountdetailsandlogincredentials. •Deleteguests’accounts—Forguestaccountsthattheycanmanage,allowthesponsortodeletethe accounts,andpreventguestsfromaccessingyourcompany'snetwork. •Suspendguests’accounts—Forguestaccountsthattheycanmanage,allowthesponsortosuspend theiraccountstopreventguestsfromloggingintemporarily. ThisactionalsoissuesaChangeofAuthorization(CoA)Terminatetoremovethesuspendedguests fromthenetwork. •Requiresponsortoprovideareason—Requirethesponsortoprovideanexplanationforsuspending theguestaccounts. •Reinstatesuspendedguestaccounts—Forguestaccountsthattheycanmanage,allowthesponsorto reinstatesuspendedaccounts. •Approverequestsfromself-registeringguests—Forguestaccountsthattheycanmanage,allowthe sponsortoapproveself-registeringguestswhentheyreceiveanemailrequestingtheirapproval. Cisco Identity Services Engine Administrator Guide, Release 1.3 798 Global Settings
•Approveandviewrequestsfromself-registeringguests—SponsorswhoareincludedinthisSponsor Groupcaneitherviewallpendingaccountrequestsfromself-registeringguests(thatrequireapproval), oronlytherequestswheretheuserenteredtheSponsor'semailaddressasthepersonbeingvisited.This featurerequiresthattheportalusedbytheSelf-registeringguesthasRequireself-registeredgueststo beapprovedchecked,andtheSponsor'semailislistedasthepersontocontact. •AccessCiscoISEguestaccountsusingtheprogrammaticinterface(GuestRESTAPI)—Forguest accountsthattheycanmanage,allowthesponsortoaccessguestaccountsusingtheGuestRESTAPI programminginterface. Cisco Identity Services Engine Administrator Guide, Release 1.3 799 Global Settings
Cisco Identity Services Engine Administrator Guide, Release 1.3 800 Global Settings
CHAPTER 29 Web Portals Customization Reference •PortalPagesTitles,ContentandLabelsCharacterLimits,page801 •PortalCustomization,page803 •HTMLSupportforaPortalLanguageFile,page804 Portal Pages Titles, Content and Labels Character Limits Thereisamaximumandminimumrangeofcharactersyoucanenterinthetitles,textboxes,instructions, fieldandbuttonlabels,andothervisualelementsonthePortalPageCustomizationtab. Character Limits for Portal Pages Titles, Content and Labels ThenavigationpathsfortheseportalpageUIelementsare: •ForGuestportals,chooseGuestAccess>Configure>GuestPortals>Edit>PortalPage Customization>Pages. •ForSponsorportals,chooseGuestAccess>Configure>SponsorPortals>Edit>PortalPage Customization>Pages. •ForDeviceportals,chooseAdministration>DevicePortalManagement>(anyPortals)>Edit >PortalPageCustomization>Pages. Usethisinformationwhenyouentercontentinthetitles,textboxes,instructions,fieldandbuttonlabels,and othervisualelementsoftheportalpagetheyouarecustomizing.Theseupdatesareappliedonlytothespecific pagethatyouarecustomizing. Whetheryouentersingle-byteormulti-bytecharacters,youcanonlyenterthemaximumnumberof charactersidentifiedforafield.Multi-bytecharactersdonotaffectthecharacterlimit. Note Cisco Identity Services Engine Administrator Guide, Release 1.3 801
Field Input Values: Maximum Characters Field Input Values: Minimum Characters Field Labels: Maximum Characters Field Labels: Minimum Characters FieldsField Category 256BannertitleCommon page elements 20000Footerelements 2560BrowserPageTitle 20000InstructionalText 2560ContentTitle 20000OptionalContent1 20000OptionalContent2 640Buttonlabels 640Checkboxlabels 640Tablabels 2560Linklabels 50,0000AUPTextAUP 20000Messagetext (displayedonpage) Message text 2560Messagetext (displayedinpop-up window) 2560AllfieldslabelsFieldlabels 2560Fieldinputingeneral (seespecialcases below) Fieldinput (general) 201AccessCodefieldFieldinput (special cases) 201RegistrationCodefield 641Usernamefields Cisco Identity Services Engine Administrator Guide, Release 1.3 802 Portal Pages Titles, Content and Labels Character Limits
Field Input Values: Maximum Characters Field Input Values: Minimum Characters Field Labels: Maximum Characters Field Labels: Minimum Characters FieldsField Category 2561Passwordfields 640PhoneNumberfield 1712DeviceIDfield Portal Customization Youcancustomizetheappearanceoftheend-userwebportalsandtheguestexperience.Ifyouhaveexperience withthecascadingstylesheet(CSS)languageandwithJavascript,youcanusethejQueryMobileThemeRoller applicationtocustomizeportalthemesbychangingtheportalpagelayout. YoucanviewallthefieldsbyexportingtheCSSthemeorlanguagepropertiesfromtherequiredportalpage. RefertotheExportaPortal’sDefaultThemeCSSFileformoreinformation. CSS Classes and Descriptions for End-User Portals Page Layout UsetheseCSSclassestodefineandmodifythepagelayoutoftheCiscoISEend-userwebportals. DescriptionCSS Class Name Includeslogos,bannerimage,andbannertext. OntheSponsorandMyDevicesportals,thisclass alsocontainsbuttonsthatcanactivateacontextmenu. Forexample,themenucanbringupapop-upwindow withoptionstoLogOut,ChangePassword,andso on. cisco-ise-banner Containsallpageelementsthatarenotpartofthe banner. cisco-ise-body Emptybydefault.Youcanaddtext,links,andHTML andJavascriptcode. cisco-ise-optional-content-1 Includesthemaincontentsoftheportalpage,such asinstructionaltext,actionbuttons,andthe cisco-ise-footercontainer. cisco-ise-main-content Emptybydefault.Youcanaddtext,links,andHTML andJavascriptcode. cisco-ise-optional-content-2 Partofthefooter,itisaplaceholderforlinkssuchas ContactSupportandonlineHelp. cisco-ise-footer Cisco Identity Services Engine Administrator Guide, Release 1.3 803 Portal Customization
DescriptionCSS Class Name Emptybydefault.Itisaplaceholderforanythingthat youwanttodisplayatthebottomoftheportalpage, suchasacopyrightnoticeoradisclaimer. cisco-ise-footer-text Figure 43: CSS Classes Used in the End-User Portal Page Layout HTML Support for a Portal Language File Thezippedlanguagefileforeachportalincludesthedefaultlanguagepropertiesfilesforthatportal.Each propertiesfileincludesdictionarykeysthatdefinethecontentthatdisplaysontheportal. Youcancustomizethetextthatdisplaysonaportal,includingthecontentintheInstructionalText,Content, OptionalContent1,andOptionalContent2textboxes.Someofthesetextboxeshavedefaultcontentand someareempty. Cisco Identity Services Engine Administrator Guide, Release 1.3 804 HTML Support for a Portal Language File