Security

Hello everyone,

i'm wondering if someone around here ever achieved this. The customer has Operators creating and managing guest accounts but they want to only enable the guests to extend their account expiration by themselves to reduce overhead.

Right now the guests are receiving an e-mail informing them their account will expire soon and they reach out to the operators for them to renew it.

I digged in Clearpass guests feature and even the self service portal but couldn't really find any way of permitting a guest to do this himself.

Worst case i'll probly go the API way and try to get around this but if I can avoid this, it would be great :)

Any ideas ?

So there are a couple of ways you could approach this

1)  Provide a longer guest expiration to begin with.  What is the point of expiring guest accounts if the tendency is that guests regurlarly request extensions?  You still have a record of every guest auth session and keeping accounts in the database does not consume licenses, only when the guest is actually active.  You can play with what this number should be but is likely the simplest option

2)  Create a seperate guest self registration page with the username field, expiry length and include hidden auto_update_account field = 1.  You could link to this new page from the 'your account is about to expire' email.  It is also possible to require the guest to have to login to this page, just need to create an operator profile for guest users that allows guest account extension permissions for the guest role and only their account.

I personally think option 1 is much simpler.  Nothing to gain from having the same guest enter the same information into the same form on the same device to get the same username/password.

Hope that helps

Carlos