Hi
Yes, you can open to any website or service.
The main issue you may face is that you don't know what email service your guests will access or the protocoll rhey are using
------------------------------
Best Regards
Jonas Hammarbäck
MVP 2023, ACCX #1335, ACMP, ACDP, ACP-Network Security, ACEP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------
Original Message:
Sent: Apr 06, 2023 08:04 AM
From: afedeli
Subject: Self-registering Guests and email receipt
Hi Jonas and thank you,
this is a good point. For sure the 1 hour interval is too long, we need to work on it to shorten to just a little amount of minutes (maybe 5).
From your experience and from your point of view, is it really impossible to open email access on the guest logon role? even if i put an allow-all policy on top , it won't work.
Many thanks
Kind regards
Alessandro
Original Message:
Sent: Apr 06, 2023 06:17 AM
From: jonas.hammarback
Subject: Self-registering Guests and email receipt
Hi Alessandro
I have a customer with a similar requirement. In that case I have implemented sponsor approval, but instead of approval from an employee the guest get the email with the approval link.
You can allow a guest account to be enabled for a short time, shortest time is 1 hour, after the registration and when the account is approved with the sponsor link the account get extended validity time. It may be possible to shorten the initial time if ClearPass send Dynamic Authorization after a specified time, maybe 15 minutes. But this is more advanced.
In the guest reciept page, you have to hide the username and password information, and maybe write a text telling the user to open the email they got and confirm the email address.
Copy the sponsor email template and write new content and also instead of sending to the sponsor_email field, use email as the recipient
Below is a screenshot of the settings required for the sponsor part. The email template Self Sponsorship Confirmation is a copy of the default Sponsorship Confirmation
------------------------------
Best Regards
Jonas Hammarbäck
MVP 2023, ACCX #1335, ACMP, ACDP, ACP-Network Security, ACEP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
Original Message:
Sent: Apr 06, 2023 05:20 AM
From: afedeli
Subject: Self-registering Guests and email receipt
Hello,
in the guest-self-registration-flow, our customer wants that username and password are not shown in the receipt page, but sent via email, so that the inserted email address can be verified. The web portal configuration is ok and emails are correctly sent.
How is it possible to let the user receive the email while connected to the captive portal SSID while still in the guest-logon role?
We need this because there are many locations into the site where there is no connectivity to the cellular network.
I tried editing the policy for the guest-logon and allowing app-category email-protocols and url-category web-email but with no success.
Many thanks
Alessandro