Cisco ISE: Single Click Sponsor Approval for Guest

A very handy feature since it inserts the links to Approve or Deny guest in the email itself. Now no need to login to Sponsor Portal and approve the user.

Setup is simple and it will even generate and insert needed variables. It is done under Work Center > Guest Access > Portals and Components > Guest Portals > edit your Guest Portal > Portal Page Customization > Approval Guest Email.

Also do not forget to set FQDN for sponsor portal under Work Center > Guest Access > Portals and Components > Sponsor Portals > edit your Sponsor Portal > Portal Settings. In addition, add all PSN’s to the same FQDN in DNS so they can resolve to it.

Now ideally all should start working after the setup is complete but not in my case. I was running into a weird issue when URL in the email would have PSN IP instead of FQDN. One of the troubleshooting steps you can do is compare email URL to Sponsor Portal URL.

This is my email Guest Approval URL.

And this is my Sponsor Portal URL.

As you can see “portal hash” is different and logically these leads us to believe there is a mismatch somewhere in configuration. The fix is hidden deep inside the Guest Portal Registration Form Settings.

Once Details un-hidden it reveals the list of Sponsor Portals allowed to verify approval privileges and the simple thing to do is select your custom portal instead of the default.

Once the selection is made URL is displayed with proper FQDN.







Leave a reply:

Your email address will not be published.

Site Footer

Sliding Sidebar