Sponsored self-registration is a means to allow guests to self-register, but not give them full access until a sponsor (could even be a central help desk) has approved the request. When the registration form is completed by the guest/user, an on screen message is displayed for the guest stating the account requires approval.
An email is also sent to the sponsor advising them of a guest access request with a link back to the Amigopod which presents a summary of the user, as well as Confirm and Reject buttons. Upon confirmation, the guest will be notified via email/SMS and will have full role based access policies applied. Upon rejection, the account is immediately deleted.
Guests are disabled upon registration and need to wait on the receipt page for the confirmation until the login button gets enabled.
A guest registers and can immediately log in as they normally can. Upon confirmation the user's role is changed to one with a different firewall/qos profile
A guest registers and can immediately log in as they normally can. Upon confirmation the user's expiration is lengthened a configured amount, such as "+1 week".
This solution provides the automation of self registration with a simple approval system to keep the security teams happy. Oh and Amigopod can also restrict email domains to stop guests sponsoring themselves using a personal email address!