08-12-2015 11:58 PM
I am trying to setup some ClearPass Operator Restrictions. Does anyone know if it's possible to setup an Operator role to only be able to create guest accounts with a limited expiry date?
Essentially we are looking to stop Operators from giving guests unlimited access for a 'do not expire' account.
Thanks in Advance
Solved! Go to Solution.
08-13-2015 04:15 AM
In order to do this, you need to create a new guest account creation form for these Operators. You can edit the form to include the limited expiration options you want (expire_after field). You can then change New Guest Account form that the Operators use under the Custom Forms and Views section of the Operator Profile.
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX
08-14-2015 10:04 AM
I have something like this working. I have two guest forms called longterm and shortterm. Any of the company employees can create a shortterm guest ID valid upto a month by logging in with their AD account. They have no other rights. Then admin users who are a member of a special AD group can log in and only hit the longterm page for accounts valid up to a year. Both options have a range of options for how long to make the account. Shortterm accounts are valid 1,2,3,5 days, 1,2 weeks or 1 month. Longterm is 2,3,6 months or a year. My only issue is the admin users can not create short term accounts unless they log in with a non AD account. In my case they use a lotus notes account and that allows them to creat the short term accounts if needed. On the operator login page I just have the instructions explaining the difference.