AAA, NAC, Guest Access & BYOD

How to setup dynamic guest account expiration based on role

Aruba Employee
Requirement:

We might have a requirement where guest accounts need to be configured for different expiration time based on the role they choose in the Self Registration. For example, Guest user accounts could be valid for 1 day, Contractor accounts for 3 days, Employees for 7 days etc.



Solution:

We could achieve that requirement by following the configuration steps below



Configuration:

We need to make sure that the guest self registration page has the role_id field added so that the user can choose the appropriate role and subsequently get the appropriate expiration time for his account. We rely on a javascript to modify the expiration time of the account for us based on the value for the role_id.

Hence, we need to include the role_id in the self registration form. Make sure that you are aware of the role_id that corresponds to each role name(It takes the roles from the default [Guest Roles] role mapping policy in CPPM).

Also hard code some default value for the field modify_expire_time in the self registration form. It takes values in a friendly format like 1d for 1 Day , 1w  for 1 week etc.

The javascript that updates the modify_expire_time field with a different value based on the role chosen is below

 

<script type="text/JavaScript"><!--{literal}
function RegisterSubmit(form_name) {
    ev = window.event;
    var frm = document.forms[form_name];
   
      if (frm.modify_expire_time.value!= '') {
    
      var temp1= frm.role_id.value;
      
      if (temp1 == 1)
       {
       frm.modify_expire_time.value ='1d';
         }
       if (temp1 == 2)
       {
       frm.modify_expire_time.value ='2d';
         }
        if (temp1 == 3)
       {
       frm.modify_expire_time.value ='7d';
       }
       
        }
    return true;
}

{/literal}
</script>
 

In the script above we are setting the expiration to 1 day for role_id 1, 2 days for role_id 2 and 7 days for role_id 3 ( This can be customized in any way based on the requirement).

You need to put this javascript in the footer section of the registration page as shown in the screenshot below. 

 

We would trigger this javascript upon form submit and in order for us to do that, we need to edit the submit field in the self registration form

Under advanced properties of the "submit" field we need to mention the name of the javascript function that we included in the page footer earlier, so that it can be called upon form submit.

In the script above it is RegisterSubmit.

 

Once all this is done you should be able to see that a user who registers with role_id 1 will have 1 day as their account expiration, 2 as role_id will get 2 days and 3 as role_id would get 7 days.

 

 

 

 



Verification

We can verify this by registering as a user with different roles and observe the different expiration times 

role_id 1 Contractor gets an account with an expiration time of 1 day.

role_id 2 Guest gets an account with an expiration time of 2 days.

role_id 3 Employee gets an account with expiration time of 7 days.

 

Version history
Revision #:
2 of 2
Last update:
‎03-01-2017 03:05 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.