AAA, NAC, Guest Access & BYOD

How to enable option to override guest user’s role when sponsor confirms the account in Clearpass 6.4.x

Sponsored self-registration is way of allowing guests to self-register and not give them full access until a sponsor approves the account. When registration form is submitted, the guest account will be created with default expiration, role and in disabled state. The registration receipt page will display a message stating the account requires approval and the login button is disabled. An email is sent to sponsor with a link to Clearpass server, which displays summary of the user as well as Confirm and Reject buttons. Upon confirmation, the guest will have full access. Upon rejection, the account is immediately deleted.

 

Environment : 

Clearpass configured with guest self registration to allow guests to authenticate to guest network.

 

-From Guest->Configuration->Pages->Guest Self-Registrations-> Self-Registration page -> Sponsor Confirmation, enable the option “Require sponsor confirmation prior to enabling the account”.

 

rtaImage.jpg

 

From Account overrides section, select role override option to a fixed role or to prompt for sponsor to select a role.

 

rtaImage (1).jpg

 

From Account overrides section, select role override option to a fixed role or to prompt for sponsor to select a role.

 

rtaImage (2).jpg

 

Select the “Account State” option appropriately to define whether to automatically enable the account prior sponsor confirmation or create guest account in disabled state.

 

rtaImage.png

 

Overriding Guest Account role in 6.4.x:

When we enable role override, the guest’s role can be changed upon sponsor confirmation. In this mode, we can define whether to automatically enable the account prior sponsor confirmation or create guest account in disabled state. The role defined in the registration form is the role; the guest receives upon initial registration. Sponsor can override the guest role when performing confirmation.

 

Register for a guest account and use the sponsor confirmation email received to verify the role override option:

 

rtaImage (3).jpg

 

From Guest->Administration->Support->Application Log, we can verify the guest account created:

 

14-12-19 21:25:37 10.28.31.143 admin info Successfully created user account guest@domain.com in database Password: 227490 Account will expire at 2014-12-20 21:25:35 Account role is [Guest] Account sponsor is admin Created by admin from 10.28.31.143 User DB: ClearPass Policy Manager
  Successfully created user account guest@domain.com in database
Password: 227490
Account will expire at 2014-12-20 21:25:35
Account role is [Guest]
Account sponsor is admin
Created by admin from 10.28.31.143
User DB: ClearPass Policy Manager
Client:    10.28.31.143:58749
App User:  admin
Script:    /guest/test1.php
Function:  NwaGuestRegisterForm
Arguments: array (
  'user' => array (
    'username' => 'guest@domain.com',
    'role_id' => 2,
    'role_name' => '[Guest]',
    'simultaneous_use' => '1',
    'start_time' => 1419004535,
    'enabled' => false,
    'expire_time' => 1419090935,
    'do_expire' => 1,
    'expire_postlogin' => 0,
    'visitor_name' => 'guest',
    'email' => 'guest@domain.com',
    'create_time' => 1419004509,
    'mac' => NULL,
    'remote_addr' => '10.28.31.143',
    'essid' => '',
    'apname' => '',
    'apgroup' => '',
    'vcname' => '',
    'sponsor_email' => 'nimal@arubanetworks.com',
    'sponsor_name' => 'admin',
    'sponsor_profile' => '1',
    'sponsor_profile_name' => 'IT Administrators',
    'source' => 'test1',
    'register_token' => '9kwu3-hrxxf-r4gt1-vo4p6-1jymm',
    'register_token_confirmed' => 0,
    'id' => '917942',
  ),
)
Details:   array (
)

From Guest->Administration->Support->Application Log, we can verify the sponsor confirmation email sent to sponsor.

 

2014-12-19 21:25:44 10.28.31.143 admin info Sent sponsorship confirmation request for guest@domain.com to nimal@arubanetworks.com
  Sent sponsorship confirmation request for guest@domain.com to nimal@arubanetworks.com
Client:    10.28.31.143:58749
App User:  admin
Script:    /guest/test1.php
Function:  NwaSmtpDoGuestConfirm
Arguments: true
Version history
Revision #:
1 of 1
Last update:
‎04-08-2015 07:25 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.