Security

 View Only
  • 1.  Self-registering Guests and email receipt

    Posted Apr 06, 2023 05:20 AM

    Hello,
    in the guest-self-registration-flow, our customer wants that username and password are not shown in the receipt page, but sent via email, so that the inserted email address can be verified. The web portal configuration is ok and emails are correctly sent.
    How is it possible to let the user receive the email while connected to the captive portal SSID while still in the guest-logon role?
    We need this because there are many locations into the site where there is no connectivity to the cellular network.
    I tried editing the policy for the guest-logon and allowing app-category email-protocols and url-category web-email but with no success.

    Many thanks
    Alessandro



  • 2.  RE: Self-registering Guests and email receipt

    Posted Apr 06, 2023 06:18 AM

    Hi Alessandro

    I have a customer with a similar requirement. In that case I have implemented sponsor approval, but instead of approval from an employee the guest get the email with the approval link.

    You can allow a guest account to be enabled for a short time, shortest time is 1 hour, after the registration and when the account is approved with the sponsor link the account get extended validity time. It may be possible to shorten the initial time if ClearPass send Dynamic Authorization after a specified time, maybe 15 minutes. But this is more advanced.

    In the guest reciept page, you have to hide the username and password information, and maybe write a text telling the user to open the email they got and confirm the email address.

    Copy the sponsor email template and write new content and also instead of sending to the sponsor_email field, use email as the recipient
    Below is a screenshot of the settings required for the sponsor part. The email template Self Sponsorship Confirmation is a copy of the default Sponsorship Confirmation



    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP 2023, ACCX #1335, ACMP, ACDP, ACP-Network Security, ACEP, ACSA
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------



  • 3.  RE: Self-registering Guests and email receipt

    Posted Apr 06, 2023 08:04 AM

    Hi Jonas and thank you,
    this is a good point. For sure the 1 hour interval is too long, we need to work on it to shorten to just a little amount of minutes (maybe 5).

    From your experience and from your point of view, is it really impossible to open email access on the guest logon role? even if i put an allow-all policy on top , it won't work.
    Many thanks 
    Kind regards
    Alessandro




  • 4.  RE: Self-registering Guests and email receipt

    Posted Apr 06, 2023 08:35 AM

    Hi

    Yes, you can open to any website or service.
    The main issue you may face is that you don't know what email service your guests will access or the protocoll rhey are using



    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP 2023, ACCX #1335, ACMP, ACDP, ACP-Network Security, ACEP, ACSA
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------



  • 5.  RE: Self-registering Guests and email receipt

    Posted Apr 06, 2023 09:58 AM

    Thank you.
    the issue I'm facing is that, even if I put an allowall policy on top of the policy list, it won't work.

    I tried to apply the configuration with self sponsorship, but the user remains in the guest-logon role and cannot access the mail . What I expected was to see the user role change in the Mobility Conductor Dashboard, but it' still stuck in the pre-login role.
    here is my configuration: