Security

Reply
MVP
Posts: 1,394
Registered: ‎05-28-2008

in cppm guest - i would like limit guest to use 1 device per e-mail..BUT

[ Edited ]

I built a guest login with 1 hour expartion time. and i limited it to 1 session per guest - 1 device

everything works.

 

BUT when the guest ending his 1 hour,and he would like to reconnect with other device (with the same e-mail)

the clearpass giving me reject.

Capture.PNG

 

i dont want that the clearpass will limit e-mail/user to use just 1 device - i just want to limit the usage of 1 session(1 device) per e-mail while the account enabled - after the time is over - i would like to give the ability for the user/e-mail to create new user with the same e-mail and another device...

 

Please advise.

 

 

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
MVP
Posts: 1,394
Registered: ‎05-28-2008

Re: in cppm guest - i would like limit guest to use 1 device per e-mail..BUT

anyone?

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Aruba
Posts: 1,642
Registered: ‎04-13-2009

Re: in cppm guest - i would like limit guest to use 1 device per e-mail..BUT

If you only want to limit the user to one session, then you could try to enable this on the account itself.

 

  1. For all guest creations:   CPG --> Configuration --> Guest Manager --> Active Sessions

  2. For your specific guest form to set this value when the accout is created:  CPG --> Configuration --> Guest Self-Registration --> Your Page --> Click Form in the Register Page section --> Insert a new field (anywhere) --> Choose simultaneous_use --> Change User Interface to Hidden --> Change Initial Value to 1  --> Save Changes
------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

MVP
Posts: 1,394
Registered: ‎05-28-2008

Re: in cppm guest - i would like limit guest to use 1 device per e-mail..BUT

[ Edited ]

clembo...but then the user can use 2 devices.....he just re self register the new device....it's not enough...

(SO I LIMIT THE ABILITY TO CREATE same user by using: auto_update_accounthidden

 

BUT WHEN THE 1 HOUR IS OVER - and the user want to use the same e-mail...he getting reject because his first device still being in the endpoint DB.....

 

PLEASE READ AGIAN my need.

BTW:

this configuration already configured in the guest cppm....

Capture.PNG

 

 

 

 

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Aruba
Posts: 1,642
Registered: ‎04-13-2009

Re: in cppm guest - i would like limit guest to use 1 device per e-mail..BUT

Your initial post had the following, that you didn't want to limit the user to 1 device, but rather the usage of 1 session; so I interpreted it as you stating you wanted to limit it 1 session during the life of the account:

"i dont want that the clearpass will limit e-mail/user to use just 1 device - i just want to limit the usage of 1 session(1 device) per e-mail"

 

Can you share the error on the Alerts tab of Access Tracker?

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Aruba
Posts: 1,642
Registered: ‎04-13-2009

Re: in cppm guest - i would like limit guest to use 1 device per e-mail..BUT

Why don't you check what Enforcement profile is being applied to the service and the user.   It likely has a condition that limits the unique device count to greater than 1.   You can change/remove this as you need for your scenario.  

 

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

MVP
Posts: 1,394
Registered: ‎05-28-2008

Re: in cppm guest - i would like limit guest to use 1 device per e-mail..BUT

Hi Clembo

 

i'm limiting for 1 session per guest (in the guest manager) and also guest = 1 device (now i raised it to 2 devices)  Authorization:[Endpoints Repository]:Unique-Device-Count = 2

 

Please try to figure out what i'am trying to acomplish:

 

Drawing1.jpg

 

im trying to limit guest to use each register time only in 1 device... but when the 1 hour is over and he get logged out and deleted i want that he will be able to re self register his 2nd device

Drawing12.jpg

 

But i keep getting this REJECT issue even due the guest is expired....his endpoint record his still there... :( please advise

 

Thanks,

 

Me

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
MVP
Posts: 1,394
Registered: ‎05-28-2008

Re: in cppm guest - i would like limit guest to use 1 device per e-mail..BUT

This is my enformect policy after i raised it to two devices:

Capture.PNG

 

before i raised it , it was 1:

Authorization:[Endpoints Repository]:Unique-Device-Count  GREATER_THAN 1

 

but still what happend if the same guest is coming after a week with a 3rd device and using the same e-mail address? he still getting reject - because the endpoint recorded are kept...

 

please advise.

 

 

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Aruba
Posts: 1,642
Registered: ‎04-13-2009

Re: in cppm guest - i would like limit guest to use 1 device per e-mail..BUT

You can remove that condition from the enforcement profile altogether if you want (if you already have the 1 session at a time setup and working the way you want).   Or create a new Enforcement Profile altogether that doesn't even look at the unique device count.

 

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

MVP
Posts: 1,394
Registered: ‎05-28-2008

Re: in cppm guest - i would like limit guest to use 1 device per e-mail..BUT

Ok.. Understood. But then even before the first session is over the user can sel reg is 2nd device.. Or the auto update account in the form should solve it? Or than even after 1 hour he will not be able to self reg with the same mail?
*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Search Airheads
Showing results for 
Search instead for 
Did you mean: